Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 7, 2023
The aerospace industry faces a new threat in the form of a PowerShell script that launches a malware attack. Its technique has experts perplexed because it blurs the distinction between a conventional off-the-shelf threat and the sophisticated tradecraft employed by APT groups. Meanwhile, NASA's astrobiology website was found to be affected by an open redirect flaw. The unpatched bug could send visitors to sites of the adversaries' choosing to download malware onto their devices, posing a significant threat to their security.
Have you fixed the MOVEit Transfer zero-day vulnerability? Before that, scan your network for signs of compromise by the Cl0p ransomware group, which claims to have infiltrated hundreds of business networks.
i2VPN admin credentials leaked
Admin credentials of i2VPN, a freemium VPN proxy server application, have been circulating on Telegram, security analysts at SafetyDetective noted. The hackers assert that the compromised administrative credentials could impact hundreds of thousands of i2VPN customers: user IDs, names, email addresses, and subscription-related information such as payment methods and expiry dates could be accessed with them.
Cl0p attempts extortion
The Cl0p ransomware group has issued an extortion note claiming to have compromised hundreds of businesses. The group initially set a ransom deadline of June 12, threatening to publish the names of the victims on its leak website if its demands were not met; the deadline was subsequently extended to June 14. The group claims to have exploited the recently uncovered critical zero-day vulnerability in MOVEit Transfer.
PowerDrop targets U.S. aerospace industry
The U.S. aerospace industry has recently been targeted by an unidentified threat actor using a newly discovered malware that researchers named PowerDrop. The PowerShell-based post-exploitation tool communicates with its C2 server by sending Internet Control Message Protocol (ICMP) echo request messages as beacons. Its evasion techniques include deception, encoding, and encryption.
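Beaconing over ICMP echo requests is detectable because a C2 timer produces far more regular inter-arrival times than a human running ping or an OS health check. The following detection heuristic is an added example for this briefing, not code from the PowerDrop researchers or any vendor; the flow records, IP addresses and thresholds are constructed, and in practice the records would come from a firewall, Zeek or NetFlow export that carries the ICMP type.

```python
"""Heuristic detector for periodic ICMP echo-request beaconing.

Flow records are tuples of (epoch_seconds, src_ip, dst_ip, icmp_type,
payload_bytes). All sample data below is constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

ICMP_ECHO_REQUEST = 8  # ICMP type 8 = echo request; type 0 = echo reply

# Constructed records: one host pinging an external address every ~120 s
# (a beacon), one "ping -c 4" burst, one irregular set of internal pings,
# plus echo replies that must be ignored.
SAMPLE_RECORDS = [
    *[(t, "10.0.0.5", "203.0.113.10", 8, 128)
      for t in (1000, 1121, 1240, 1361, 1480, 1601, 1720, 1841)],
    *[(t + 1, "203.0.113.10", "10.0.0.5", 0, 128)
      for t in (1000, 1121, 1240, 1361, 1480, 1601, 1720, 1841)],
    *[(t, "10.0.0.7", "8.8.8.8", 8, 56) for t in (3000, 3001, 3002, 3003)],
    *[(t, "10.0.0.9", "10.0.0.1", 8, 56)
      for t in (2000, 2007, 2100, 2105, 2300, 2301, 2450)],
]


def group_echo_requests(records):
    """Bucket echo-request (timestamp, payload) pairs by (src, dst)."""
    pairs = defaultdict(list)
    for ts, src, dst, icmp_type, size in records:
        if icmp_type == ICMP_ECHO_REQUEST:
            pairs[(src, dst)].append((ts, size))
    return pairs


def beacon_score(events, min_events=6, max_cv=0.15):
    """Return (is_beacon, mean_interval, cv) for a list of (ts, size).

    The coefficient of variation (std/mean) of the gaps between requests
    is low for a timer-driven beacon even with jitter, and high for
    bursty or irregular human/OS traffic.
    """
    if len(events) < min_events:
        return False, 0.0, 0.0
    times = sorted(ts for ts, _ in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    m = mean(gaps)
    if m == 0:
        return False, m, 0.0
    cv = pstdev(gaps) / m
    return cv <= max_cv, m, cv


def find_beacons(records, **thresholds):
    """Return a finding dict for every (src, dst) pair that looks like a beacon."""
    findings = []
    for (src, dst), events in group_echo_requests(records).items():
        is_beacon, m, cv = beacon_score(events, **thresholds)
        if is_beacon:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(events),
                "interval_s": round(m, 1),
                "cv": round(cv, 3),
                "max_payload": max(size for _, size in events),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_RECORDS):
        print(f"possible ICMP beacon: {f}")
```

Tune `min_events` and `max_cv` against your own baseline; the payload size is reported because unusually large or variable echo payloads are a second signal that the channel carries more than a liveness check.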
LonePage and ThumbChop used together
In other news, CERT-UA detailed an espionage campaign that has compromised "several dozen" computers in Ukraine since mid-2022. The campaign propagates via phishing emails and text messages to distribute what experts are calling the LonePage malware. It also downloads an information-stealing component targeting Chrome and Opera browsers, known as ThumbChop.
‘Hole’ in a NASA website
The Cybernews research team reported an open redirect bug affecting the daily visitors to NASA's astrobiology website. Attackers can exploit this vulnerability to lure users to malicious websites or phishing pages by disguising the malicious URL as a legitimate one, potentially leading to security breaches and the compromise of sensitive information. The analysis also found that the bug had been disclosed earlier this year through an open bug bounty program, but it remains unpatched.
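The bug class here is a redirect endpoint that forwards to whatever its `next` (or similar) parameter says, so a link that starts with a trusted domain ends on an attacker's page. The snippet below is an added example for this briefing, not code from the Cybernews report or from the NASA site: it shows the vulnerable pattern beside a validator that accepts only same-site paths or absolute URLs on an allow-list, and it covers the usual bypasses of naive checks (protocol-relative `//host`, backslash `/\host`, non-HTTP schemes and scheme-without-slashes). The parameter name and the allowed hostnames are assumptions.

```python
"""Open redirect: vulnerable handler beside a hardened one."""
from urllib.parse import urlsplit

# Constructed allow-list of hostnames the application may redirect to.
ALLOWED_HOSTS = {"www.example.org", "astrobiology.example.org"}


def redirect_target_vulnerable(params):
    """The bug class from the report: trust the 'next' parameter as-is."""
    return params.get("next", "/")


def is_safe_redirect(target, allowed_hosts):
    """Accept only a site-relative path or an http(s) URL on an allowed host."""
    if not target:
        return False
    # Browsers treat '\' as '/' in URLs, so normalise before parsing;
    # otherwise '/\evil.example' parses as a harmless relative path here
    # but is followed as '//evil.example' by the browser.
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)
    # 'javascript:', 'data:' and friends are never acceptable targets.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if parts.netloc:
        # .hostname lower-cases and strips userinfo/port, so
        # 'https://good@evil.example' resolves to evil.example.
        return parts.hostname in allowed_hosts
    # No authority component: require a single-slash-rooted path.
    # Rejects '//evil.example', '///evil.example' and 'http:evil.example'.
    return normalized.startswith("/") and not normalized.startswith("//")


def redirect_target_hardened(params, allowed_hosts, fallback="/"):
    """Return the requested target only if it validates, else the fallback."""
    target = params.get("next", fallback)
    return target if is_safe_redirect(target, allowed_hosts) else fallback


if __name__ == "__main__":
    for candidate in ("/dashboard", "//evil.example", "/\\evil.example",
                      "https://www.example.org/news", "javascript:alert(1)"):
        print(f"{candidate!r:40} safe={is_safe_redirect(candidate, ALLOWED_HOSTS)}")
```

In a real application the fallback should be an application-relative path, and the allow-list should be the site's own canonical hostnames rather than a substring or prefix match on the raw string.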