
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 3, 2022

Researchers have discovered attacks targeting Confluence servers. With no patch yet available, Atlassian is telling customers to make their servers inaccessible. Meanwhile, two new malware families, Clipminer and WinDealer, also made headlines in the past 24 hours. Clipminer has helped adversaries rake in over a million dollars through unlawful transactions.

A ransomware attack has reportedly hit SATT Sud-Est, a French firm. The attackers claimed they pilfered nearly 200GB of data and left a ransom note demanding $500,000.

Top Breaches Reported in the Last 24 Hours

Data extortion grips a French firm

The Industrial Spy group claimed to have stolen data from a French company named SATT Sud-Est and is offering it for $500,000. Although it started as a data extortion group, it has lately been adopting ransomware tactics in its attacks. The group has escalated its extortion tactics by publicly displaying ransom notes for its victims.

Mirror Protocol lost $2 million

Mirror Protocol, a DeFi platform on the Terra ecosystem, lost approximately $2 million to an exploit. Attackers abused a bug in the platform's pricing oracle. The incident was highlighted on Mirror's forum on May 28. The attackers stole funds from the synthetic versions of Ethereum, Polkadot, and Bitcoin.

Top Malware Reported in the Last 24 Hours

Clipminer malware earned millions

Threat analysts at Symantec have uncovered a significant cryptomining operation run by the operators of a new malware called Clipminer. It infects victims through trojanized downloads of pirated or cracked software. The operators swindled at least $1.7 million in illicit gains from mining and from theft via clipboard hijacking. Researchers reported that 4,375 cryptocurrency wallet addresses allegedly received stolen funds.

LuoYu actor drops WinDealer

Kaspersky followed up on findings by TeamT5 and discovered that WinDealer, deployed by the Chinese-speaking threat actor LuoYu, has been used for intrusions carried out through a man-on-the-side attack. This technique allows an actor to modify in-transit network traffic and insert malicious payloads. What makes it especially dangerous is that it requires no interaction with the victim.

Threat group switches its weapon

The Evil Corp cybercrime group was observed deploying LockBit ransomware on its targets in an attempt to evade the sanctions imposed by U.S. officials. According to Mandiant, this switch would let victims pay without encountering the risks associated with breaching OFAC regulations. The threat group previously deployed the Dridex malware.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-day discovered in Atlassian Confluence

A new Atlassian Confluence zero-day, tracked as CVE-2022-26134, is being exploited by cybercriminals to deploy webshells. The flaw can lead to critical remote code execution attacks. As per reports, Confluence Server and Data Center 7.4.0 and higher are believed to be vulnerable. Organizations using Atlassian Cloud are unaffected.

Intel exploits developed but never used

A leak studied by Eclypsium disclosed that the possibly defunct Conti group had targeted two Intel firmware management tools, including Intel ME, for hard-to-detect attacks. Group members had already developed PoC code for these techniques roughly nine months ago. It is surmised that the criminals were planning firmware-based persistence to evade security products and device protections.

Top Scams Reported in the Last 24 Hours

Sextortion scam via BITB

The team at Zscaler unearthed a new Browser-in-the-Browser (BITB) attack that threatens victims with a sextortion demand, warning that their sensitive information will be made public unless they pay. To make the scam look legitimate, the attackers impersonate the Government of India and tell victims to pay up if they wish to avoid imprisonment.
