Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 7, 2021
It is all business and no nonsense for the notorious Evil Corp cybercrime group! The most-wanted Russian hacking group recently rebranded itself as the new PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury. Previously, the gang had mimicked the Hades ransomware to bypass U.S. sanctions.
In another incident, Ukrainian public and private sector firms became the targets of a massive spear-phishing campaign that resulted in the attackers taking full control of some targeted systems. Launched by Russian threat actors, the campaign was carried out by impersonating the Kyiv Patrol Police Department.
A never-before-seen malware targeting Kubernetes clusters has been spotted by researchers. Named Siloscape, the heavily obfuscated malware can launch a backdoor on poorly configured clusters to run malicious code.
Top Breaches Reported in the Last 24 Hours
Spear-phishing attack
Several organizations in the Ukrainian public and private sectors were targeted in a massive spear-phishing attack carried out by Russian threat actors. The attack, which took place last week, was carried out through emails purporting to be from representatives for the Kyiv Patrol Police Department. The emails warned recipients of their failure to pay local taxes.
Nucleus Software affected
Nucleus Software Exports has fallen victim to an Epsilon Red ransomware attack that resulted in the takedown of some of its internal networks and encrypted sensitive data. The firm revealed that the breach occurred on May 30. However, it has taken appropriate measures to address the issue.
Top Malware Reported in the Last 24 Hours
New Siloscape malware
Siloscape is the first known malware targeting Kubernetes clusters through Windows containers. This heavily obfuscated malware opens a backdoor into poorly configured clusters to launch malware.
Evil Corp rebrands itself
The Evil Corp cybercrime group has rebranded to PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control. Previously, the gang had renamed its ransomware operations to different names such as WastedLocker, Hades, and Phoenix to bypass these sanctions.
Top Vulnerabilities Reported in the Last 24 Hours
Urge to patch VMware
CISA has warned companies running VMware vCenter Server and VMware Cloud Foundation software to deploy patches as soon as possible to prevent cyberattacks. The flaws, tracked as CVE-2021-21985 and CVE-2021-21986, have a severity rating of 9.8 out of 10.
Top Scams Reported in the Last 24 Hours
WhatsApp hijack scam
Scammers are posing as friends and asking for SMS security codes as part of an ongoing WhatsApp hijack scam. The scam has been around for years, yet victims continue to fall for it. WhatsApp has advised users to be cautious and not reveal their OTP or SMS security code to strangers.