Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 6, 2023
Cyclops ransomware group is making strides in the cyber landscape for more than one reason. It has leveled up its game with multi-platform ransomware and info-stealer malware. Researchers have also noted similarities in the encryption logic between the Cyclops ransomware and the Babuk ransomware. In other news, a major cryptocurrency scam—operational since at least 2021—has likely victimized thousands of individuals worldwide. The scam involves over a thousand websites under an operation run by a Russian-speaking threat actor named Impulse Team.
Google patched the third Chrome zero-day of 2023 for nearly 3 billion users. The bug, CVE-2023-3079, is a type confusion issue in the V8 JavaScript engine and was likely exploited by a commercial spyware vendor.
MOVEit bug impacts BBC and British Airways
BBC and British Airways announced a data security incident after their common third-party payroll provider, Zellis, was hit by a cyberattack targeting its MOVEit Transfer file transfer software. The personal data of employees at both firms has been compromised. The MOVEit Transfer vulnerability believed to have been exploited is an SQL injection flaw that can give an attacker unauthorized access to the application's database.
Critical data exposed in negligence
Online healthcare apparel retailer Scrubs & Beyond experienced a data exposure incident, and security researchers are warning users to be on ‘high alert’. The incident has resulted in the public disclosure of customers' PII and sensitive financial data. The exposed data includes plaintext credit card details, such as card numbers, expiry dates, and CVV codes, along with PayPal payment logs, order information, and purchase logs.
Cyclops operator gets greedy
The Cyclops ransomware group is reportedly distributing a Go-based info-stealer to infect Windows and Linux systems and exfiltrate sensitive data from them. It has also been observed upgrading its ransomware strain with cross-platform capability to target Windows, Linux, and macOS devices. The Cyclops group is actively promoting its ransomware on various cybercrime forums and expects those who use it to share a percentage of the profits from their attacks.
Google Chrome’s third zero-day
A security update has been rolled out for the third Chrome zero-day of the year so far. Google stated that it is aware of an exploit in the wild for the bug, tracked as CVE-2023-3079. The high-severity issue lies in V8, Chrome's JavaScript engine, and can lead to memory corruption and arbitrary code execution. Google did not disclose full details of the bug or how it was used in attacks.
Over 50 security issues found in Android
Another Google update, this one for the Android platform, addressed a total of 56 security flaws, five of which were rated critical. One of these critical vulnerabilities has been under attack since at least December 2022. A high-severity vulnerability tracked as CVE-2022-22706, in the Mali GPU kernel driver, was exploited in a spyware campaign targeting Samsung phones.
Significant cryptocurrency scam
Trend Micro experts uncovered a massive cryptocurrency scam run through more than a thousand fraudulent websites managed by various affiliates of Impulse Project. The operation is attributed to a threat actor known as Impulse Team, which is predominantly active in Russian-speaking circles. The scam is an advance-fee fraud scheme built around convincing victims that they have won a specific amount of cryptocurrency.
Operation CMDStealer steals banking credentials
Spanish and Portuguese speakers are being targeted by an unidentified cybercrime group aiming to harvest their online banking credentials. Attacks are most frequent in Mexico, Peru, and Portugal. The BlackBerry Research and Intelligence Team, which discovered the activity, attributes the campaign to a Brazilian threat actor and is tracking it as Operation CMDStealer.