Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 14, 2022
Several government organizations and universities are caught in the crosshairs of disparate spear-phishing campaigns. Launched across the globe, the campaigns have been active since 2021 and are attributed to different threat actor groups. A variety of trojans such as AsyncRAT, LimeRAT, CrimsonRAT, and ObliqueRAT are being used to exfiltrate sensitive data from victims’ systems. In parallel, Ukrainians also fell victim to a spear-phishing attack that distributed GuLoader malware.
A new ransomware dubbed Lilith has joined the growing list of ransomware families using double-extortion tactics; its operators have already posted the name of their first victim on their data leak site. Lastly, a new Android malware has infected over 3 million users by masquerading as utility apps.
1.9 million patient records exposed
Professional Finance Company recently disclosed a ransomware attack that impacted the private data of around 1.9 million people associated with hundreds of U.S. hospitals, medical clinics, and dental firms. The debt collecting firm revealed that the criminals were able to access files from more than 650 healthcare providers.
Deakin University affected
A data breach at Deakin University impacted the data of almost 47,000 current and past students. The university disclosed that the attackers had leveraged the credentials of a single staff member to access information held by a third-party provider and to forward messages prepared by the university to students via SMS.
New Autolycos malware
A new Android malware family named Autolycos was discovered in at least eight Android applications, two of which are still available on the Google Play Store. So far, the malware has infected over 3 million users and is capable of harvesting data from mobile devices.
New Lilith ransomware emerges
A new ransomware family dubbed Lilith has emerged in the threat landscape. It has already posted its first victim on a data leak site created to support double-extortion attacks. The ransomware appends the .lilith extension when encrypting files.
AsyncRAT targets government agencies
A large-scale spear-phishing campaign that distributes AsyncRAT and LimeRAT has been active since 2021. The campaign uses geopolitical themes to target government agencies in Afghanistan, India, Italy, Poland, and the U.S. Once the trojan is installed, it establishes communication with a C2 server to exfiltrate victim data.
CrimsonRAT targets Indian students
Transparent Tribe APT is using CrimsonRAT and ObliqueRAT to target universities and colleges in India. The campaign has been ongoing since December 2021 and uses spear-phishing emails as the primary attack vector.
GuLoader malware spotted
A coffee company in Ukraine was targeted by GuLoader malware in a spear-phishing attack. The ultimate goal of the campaign was to deploy additional malware on targeted Windows machines. Previously, the malware loader was used to deploy Agent Tesla, Formbook, and LokiBot.
Adobe releases updates
Adobe has released security updates for Acrobat and Reader, RoboHelp, Photoshop, and Animator products. An attacker can exploit some of these vulnerabilities to take control of affected systems. These flaws are tracked as CVE-2022-23201, CVE-2022-34243, CVE-2022-34244, CVE-2022-34241, and CVE-2022-34242.
SAP issues patches
SAP has announced patches for several vulnerabilities affecting its products. The most severe of these is tracked as CVE-2022-35228 and impacts the central management console of the BusinessObjects business intelligence platform. Other affected products include the Business One NetWeaver Enterprise portal.
VMware addressed a flaw
VMware has addressed an eight-month-old high-severity privilege escalation flaw, tracked as CVE-2021-22048. An attacker with non-administrative access to a vulnerable vCenter Server deployment can exploit the flaw to elevate privileges to the administrator level.
WhatsApp users tricked
A fake version of WhatsApp is tricking unsuspecting users into sharing their personal information. The victims are promised new features as a lure to install the app. Users are advised to be wary of such tricks and to download the app only from legitimate stores.