Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 23, 2023
The latest Mandiant report took the wraps off a custom malware family that a suspected Chinese actor used against organizations in Europe and Africa via a Fortinet zero-day. Named Boldmove, the malware has both Windows and Linux variants, the latter built specifically to run on Fortinet devices. Don't ignore that warning pop-up: in a change of tactics, cybercriminals were seen parting ways with malicious Word and Excel attachments in favor of OneNote attachments in their phishing campaigns, dropping a variety of RATs on victim systems with cryptocurrency wallets as the prime target.
In a separate study, researchers reported on Album Stealer, an info-stealer that harvests sensitive data from victims' Facebook accounts as well as cookies and stored credentials from several web browsers.
**Cyberattack delays game patches**
Riot Games suffered a security breach that disrupted its ability to publish patches for its games. The publisher announced the incident on Twitter and, based on its early investigation, said that player games and personal data were not affected. It promised further updates as the investigation continues.
Canadian energy supplier hit
A cyberattack on Qulliq Energy Corporation in Canada impacted systems at the corporation's customer care and administrative offices. Power plants were not affected, but the firm has urged customers to pay by cash or bank transfer rather than credit card while the affected systems are restored.
**Ransomware attack on healthcare technology giant**
The AlphV/BlackCat ransomware group listed NextGen Healthcare, a multibillion-dollar healthcare technology company, as its latest victim on its leak site. Company officials said they are aware of the claim and working to remediate the situation. The group was also observed adding global fruit and vegetable marketer Fresh Del Monte and PharmaCare Services to the site.
Album Stealer spreads via adult FB lures
The Zscaler ThreatLabz research team has spotted a new information stealer that masquerades as albums of adult photos. Dubbed Album Stealer, the malware uses DLL side-loading across multiple stages to evade detection and steals cookies and stored credentials from several browsers. It also targets Facebook Ads Manager, Facebook Business accounts, and data exposed through the Facebook Graph API.
RAT distribution via OneNote attachments
Cyber adversaries were found using OneNote attachments to infect victims with remote access malware that harvests credentials and cryptocurrency wallets. Researchers observed Quasar RAT, AsyncRAT, and XWorm being installed via OneNote files. OneNote does display a warning pop-up before running an embedded attachment, so the infection still depends on the user clicking through it.
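A defender triaging mail attachments wants to see what a OneNote file is actually carrying before anyone clicks through that pop-up. The script below is an added example written for this briefing; it is not a Cyware or vendor tool and is not derived from the campaign samples. It relies only on the documented MS-ONESTORE layout of a FileDataStoreObject (header GUID, 8-byte length, 12 bytes of unused/reserved fields, file data, footer GUID) to carve every embedded file out of a .one section and label the ones that look like executables or scripts. The input blob, the classifier keyword list and the function names are all constructed for the example.

```python
"""Carve embedded files out of a OneNote (.one) section and flag risky ones.

Added example for this briefing, not code from Cyware or any vendor.
Layout used (MS-ONESTORE, FileDataStoreObject):
  guidHeader  16 bytes   {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
  cbLength     8 bytes   little-endian size of FileData
  unused       4 bytes
  reserved     8 bytes
  FileData     cbLength bytes
  guidFooter  16 bytes   {71FBA722-0F79-4A0B-BB13-899256426B24}
"""
import struct
import uuid

HEADER_GUID = uuid.UUID("{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}").bytes_le
FOOTER_GUID = uuid.UUID("{71FBA722-0F79-4A0B-BB13-899256426B24}").bytes_le
HEADER_LEN = 16 + 8 + 4 + 8  # bytes preceding FileData

# Keyword list is an assumption for this example, not an exhaustive signature set.
SCRIPT_MARKERS = (b"<script", b"wscript", b"createobject", b"powershell", b"@echo")


def carve_embedded_files(blob: bytes) -> list:
    """Return [(offset, file_bytes)] for every FileDataStoreObject in blob."""
    found = []
    pos = blob.find(HEADER_GUID)
    while pos != -1:
        (length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + HEADER_LEN
        end = start + length
        # Accept the object only if the footer GUID follows FileData, either
        # immediately or after padding to an 8-byte boundary; this rejects
        # corrupt length fields that would otherwise read past the buffer.
        footer_ok = any(
            blob[e:e + 16] == FOOTER_GUID for e in (end, (end + 7) & ~7)
        )
        if end <= len(blob) and footer_ok:
            found.append((pos, blob[start:end]))
        pos = blob.find(HEADER_GUID, pos + 16)
    return found


def classify(data: bytes) -> str:
    """Crude content type: 'pe', 'image', 'script' or 'unknown'."""
    if data.startswith(b"MZ"):
        return "pe"
    if data.startswith(b"\x89PNG") or data.startswith(b"\xff\xd8\xff"):
        return "image"
    lowered = data[:4096].lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"


def triage(blob: bytes) -> list:
    """[(offset, kind, size)] for each embedded file in the section."""
    return [(off, classify(d), len(d)) for off, d in carve_embedded_files(blob)]


def suspicious_objects(blob: bytes) -> list:
    """Subset of triage() that a mail gateway should block or detonate."""
    return [t for t in triage(blob) if t[1] in ("pe", "script")]


def _store_object(payload: bytes) -> bytes:
    """Wrap payload in a FileDataStoreObject (used to build the sample)."""
    return HEADER_GUID + struct.pack("<Q", len(payload)) + b"\0" * 12 + payload + FOOTER_GUID


# Constructed sample, not a real malware sample: a decoy PNG header, a stub
# PE and a one-line VBS-style dropper, surrounded by filler bytes.
SAMPLE = (
    b"filler" * 8
    + _store_object(b"\x89PNG\r\n\x1a\n" + b"\0" * 32)
    + b"\0" * 16
    + _store_object(b"MZ" + b"\0" * 62)
    + _store_object(b'Set o = CreateObject("WScript.Shell")\r\n')
)

if __name__ == "__main__":
    for off, kind, size in triage(SAMPLE):
        print(f"offset={off:#06x} kind={kind:<7} size={size}")
    print("suspicious:", len(suspicious_objects(SAMPLE)))
```

Point the script at a real .one file by replacing SAMPLE with the file's bytes. The footer check is deliberately strict, so a truncated or tampered length field drops the object rather than yielding a garbage extraction; if you see fewer objects than expected, that is the first thing to inspect.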
Boldmove against FortiOS zero-day
Mandiant suspects that Chinese hackers abused a FortiOS SSL-VPN flaw to target a European government entity and an African MSP with Boldmove, a malware family with Linux and Windows variants. The flaw, CVE-2022-42475, was exploited as a zero-day as early as October 2022, before Fortinet disclosed and patched it in December. Organizations running FortiOS SSL-VPN should confirm they are on a fixed build rather than assuming the December advisory was applied.