Cyware Daily Threat Intelligence

Daily Threat Briefing Jun 7, 2021

It is all business and no nonsense for the notorious Evil Corp cybercrime group! The most-wanted Russian hacking group recently rebranded itself as the new PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury. Previously, the gang had mimicked the Hades ransomware to bypass U.S. sanctions.

In another incident, Ukrainian public and private sector firms became the targets of a massive spear-phishing campaign that resulted in the attackers taking full control of some targeted systems. Launched by Russian threat actors, the campaign was carried out by impersonating the Kyiv Patrol Police Department.

A never-before-seen malware targeting Kubernetes clusters has been spotted by researchers. Named Siloscape, the heavily obfuscated malware can launch a backdoor on poorly configured clusters to run malicious code.

Top Breaches Reported in the Last 24 Hours

Spear-phishing attack

Several organizations in the Ukrainian public and private sectors were targeted in a massive spear-phishing attack carried out by Russian threat actors. The attack, which took place last week, was carried out through emails purporting to be from representatives for the Kyiv Patrol Police Department. The emails warned recipients of their failure to pay local taxes.

Nucleus Software affected

Nucleus Software Exports has fallen victim to an Epsilon Red ransomware attack that resulted in the takedown of some of its internal networks and encrypted sensitive data. The firm revealed that the breach occurred on May 30. However, it has taken appropriate measures to address the issue.

Top Malware Reported in the Last 24 Hours

New Siloscape malware

Siloscape is the first known malware targeting Kubernetes clusters through Windows containers. This heavily obfuscated malware opens a backdoor into poorly configured clusters to launch malware.

Evil Corp rebrands itself

The Evil Corp cybercrime group has rebranded to PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control. Previously, the gang had renamed its ransomware operations to different names such as WastedLocker, Hades, and Phoenix to bypass these sanctions.

Top Vulnerabilities Reported in the Last 24 Hours

Urge to patch VMware

CISA has warned companies running VMware vCenter Server and VMware Cloud Foundation software to deploy patches as soon as possible to prevent cyberattacks. The flaws, tracked as CVE-2021-21985 and CVE-2021-21986, have a severity rating of 9.8 out of 10.

Top Scams Reported in the Last 24 Hours

WhatsApp hijack scam

Scammers are posing as friends and asking for the SMS security code as part of an ongoing WhatsApp hijack scam. The scam has been around for years, yet victims continue to fall for it. WhatsApp has advised users to be cautious and not reveal their OTP or SMS security code to strangers.
