Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 4, 2023
Security experts took the wraps off a cybercriminal group originating from Mexico that ran an Android malware campaign against financial institutions worldwide between June 2021 and April 2023. Prominent banks among the targets include Santander, BBVA, CaixaBank, Deutsche Bank, Crédit Agricole, and ING. In other news, roughly 335,900 FortiGate firewalls reachable over the web are vulnerable to attack owing to a critical heap-based buffer overflow bug. Worse, proof-of-concept exploit code for the bug is publicly available.
Furthermore, the perpetrators behind the DDoSia attack tool have introduced a new version that includes an additional mechanism for obtaining a list of targets. This version can flood the identified targets with a barrage of junk HTTP requests.
Microsoft refutes data breach claims
Anonymous Sudan, a hacker collective, claimed responsibility for pulling off DDoS attacks on Microsoft that crippled Outlook email, OneDrive, and Azure infrastructure in June. The cybercriminals are now asserting that they have gained access to a substantial database containing over 30 million Microsoft accounts, including associated email addresses and passwords. However, Microsoft denied the claim.
Crypto platform lost millions
A cyberattack on Poly Network, a decentralized interoperability protocol, took its services offline while millions of dollars' worth of crypto assets were stolen. The company documented the stolen assets in a shared Google spreadsheet. The team disclosed that the exploit affected 57 different crypto assets across 10 blockchains, including Ethereum, BNB Chain, Polygon, Avalanche, Heco, OKX, and Metis.
SM platforms blurt out user data
SOCRadar Dark Web Team reported a massive security breach affecting well-established social media sites, namely TikTok, Instagram, and Yahoo. The purported breach encompassed a 178 GB TikTok database, over 17 million records pertaining to Instagram accounts, and a leaked database containing information from Yahoo! accounts.
Android malware by Neo_Net
Cybersecurity researchers have uncovered a two-year-long Android malware campaign targeting the banking sector worldwide, with a notable emphasis on Spanish and Chilean banks. Experts have named the actor Neo_Net. The criminals have so far stolen over $381,000 from customer bank accounts and compromised the PII of thousands of victims. They gain initial access to a target network via SMS phishing.
New EarlyRAT Linked to Lazarus
Security analysts have discovered a previously undisclosed remote access trojan and named it EarlyRAT. This trojan is suspected to be employed by Andariel, a sub-group associated with the North Korean state-sponsored Lazarus group. Security researchers have noted striking similarities between EarlyRAT and MagicRAT, another tool employed by Lazarus.
DDoSia boasts new features
A new version of the DDoSia attack tool has been introduced by its developer. This variant is written in Golang, which lets it target Windows, Linux, and macOS systems. From May 8 to June 26, Lithuania, Ukraine, Czechia, Poland, Italy, Denmark, Latvia, France, the U.K., and Switzerland remained the most targeted countries. During this period, a total of 486 distinct websites were impacted by the attacks. The operator distributes the tool through a fully automated process on Telegram.
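The two DDoSia items above describe a tool that floods targets with junk HTTP requests. The following is an added example, not code from the Cyware briefing or from the DDoSia tool, showing the rate-based detection a defender would run over web-server access logs: it parses lines in the common log format, keeps a sliding window of request timestamps per source IP, and flags any source that exceeds a request threshold inside that window. The log format, the 10-second window, the threshold of 50 requests, and the sample addresses (documentation ranges) are assumptions; the log lines are constructed, not captured traffic.

```python
"""Rate-based HTTP flood detection over web-server access logs.

Added example for the DDoSia item above; this is illustrative defender code,
not the tool itself and not from Cyware or any vendor. It assumes access logs
in the common log format and uses a constructed sample, not real traffic.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, Iterator, List, Tuple

# Common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


@dataclass
class Record:
    ip: str
    ts: datetime
    request: str
    status: int


def parse_log(lines: Iterable[str]) -> Iterator[Record]:
    """Yield one Record per parseable line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        yield Record(
            ip=m.group("ip"),
            ts=datetime.strptime(m.group("ts"), TS_FORMAT),
            request=m.group("req"),
            status=int(m.group("status")),
        )


def detect_http_flood(
    lines: Iterable[str], window_seconds: int = 10, threshold: int = 50
) -> Dict[str, Tuple[datetime, int]]:
    """Flag source IPs that exceed `threshold` requests in any sliding
    window of `window_seconds` seconds.

    Returns {ip: (time first flagged, peak requests seen in one window)}.
    Records are sorted by timestamp first, so log order does not matter.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Dict[str, Tuple[datetime, int]] = {}
    for rec in sorted(parse_log(lines), key=lambda r: r.ts):
        q = recent[rec.ip]
        q.append(rec.ts)
        # Drop timestamps that fell out of the window (rec.ts - window, rec.ts].
        cutoff = rec.ts - timedelta(seconds=window_seconds)
        while q and q[0] <= cutoff:
            q.popleft()
        if len(q) > threshold:
            first, peak = flagged.get(rec.ip, (rec.ts, 0))
            flagged[rec.ip] = (first, max(peak, len(q)))
    return flagged


def make_sample_log() -> List[str]:
    """Constructed access log: one benign client and one flooding source.
    Addresses are from documentation ranges, not real hosts."""
    base = datetime(2023, 6, 26, 10, 0, 0, tzinfo=timezone.utc)
    lines: List[str] = []
    # Benign client: 5 requests spread over about a minute.
    for i in range(5):
        t = base + timedelta(seconds=12 * i)
        lines.append(f'198.51.100.7 - - [{t.strftime(TS_FORMAT)}] "GET /index.html HTTP/1.1" 200 4096')
    # Flood source: 120 junk requests with varying query strings in 10 seconds.
    for i in range(120):
        t = base + timedelta(seconds=i // 12)
        lines.append(f'203.0.113.10 - - [{t.strftime(TS_FORMAT)}] "GET /?q={i} HTTP/1.1" 200 128')
    lines.append("this line is malformed and must be skipped")
    return lines


if __name__ == "__main__":
    for ip, (first, peak) in detect_http_flood(make_sample_log()).items():
        print(f"{ip}: flagged at {first.isoformat()}, peak {peak} requests in a 10 s window")
```

The per-IP deque keeps memory bounded by the window rather than by the log size, and sorting the parsed records first means rotated or merged log files can be fed in any order. In practice the threshold should be set from a baseline of the site's own normal per-client rate, and sources behind shared NAT or CDN egress addresses need a higher threshold or a different key (for example, client IP plus User-Agent) to avoid flagging legitimate traffic.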
Numerous unsecured FortiOS devices
A critical security issue has been discovered rendering approximately 335,900 FortiGate firewalls vulnerable to exploitation. The vulnerability, tracked as CVE-2023-27997, is a heap-based buffer overflow issue in FortiOS. Adversaries exploiting the flaw can remotely execute code on susceptible devices with their SSL VPN interface exposed on the web.