Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 1, 2022
FluBot’s down! The FluBot infrastructure that criminals used to send tens of thousands of SMS messages an hour to Android users is now in the hands of Dutch police. Meanwhile, the situation around the recently disclosed Microsoft bug, Follina, remains tense: several reports claim Chinese hackers are at the forefront of exploiting it.
Operations came to a standstill at hospitals and clinics in Costa Rica and at a Foxconn factory in Mexico in the wake of two unrelated cyberattacks. Foxconn is being extorted for $34 million in BTC.
Costa Rica's hospitals and clinics hit
The Costa Rican Social Security Fund (CCSS) was hit by a major cyberattack. The incident forced the agency to shut down its digital record-keeping system, affecting nearly 1,200 hospitals and clinics. Patients were asked for their cooperation, as procedures could be delayed while the emergency lasts.
LockBit 2.0 encrypts Foxconn’s network
Attackers used the LockBit 2.0 ransomware to encrypt sensitive personal and company data at a Foxconn factory in Mexico. They have threatened to leak the stolen files on June 11 if the company does not pay; the ransom demand is reportedly more than $34 million in BTC.
Europol disrupts FluBot
An international law enforcement operation involving 11 countries has reportedly disrupted the infamous FluBot Android malware, whose operators had also begun targeting iOS users, in order to steal sensitive information such as passwords and banking details. The malware’s primary attack vector was smishing (SMS phishing).
Chinese APT exploits Follina
The Windows zero-day vulnerability CVE-2022-30190, known as Follina, is being exploited by the China-linked APT TA413 to target the international Tibetan community, using lures that impersonate the community’s “Women Empowerments Desk.” The SANS Institute also found a document abusing the same flaw; the file’s name was written in Chinese.
The backdoor that’s “no threat”
SEC Consult identified a backdoor account on Korenix JetPort industrial serial device servers through which an unauthorized user can gain full control of affected devices. Tracked as CVE-2020-12501, the flaw was only made public after a lengthy disclosure process that began in 2020. The backdoor account reportedly uses the same password on every device, because the credential is hardcoded in the firmware. The vendor, however, maintains that it poses no threat.
Zero-day grips Horde Webmail
Users of Horde Webmail are exposed to an RCE vulnerability (CVE-2022-30287) that may allow attackers to compromise the webmail server. From there, they can intercept emails and access password-reset links and sensitive documents, which can lead to theft of users’ credentials.
Faking the U.K.’s home delivery service
Scammers have set up a fake site (which only renders in mobile browsers) impersonating Evri, a home delivery company in the U.K. The bait is a message apologizing for a parcel that could not be delivered. The phishing page asks for personal ID, credit card number, and bank details; anyone who enters them hands card data and even bank account details to a damagingly ambitious scam.
Non-targeted, RuneScape-themed phishing
A new phishing email targets players of RuneScape, the popular free MMORPG from Jagex. It tries to create panic by telling players that their email address has accidentally been added to someone else’s account and needs a quick fix. Victims are asked for their authenticator code and their in-game bank PIN, which protects the bank where players store their valuable items.