Cyware Daily Threat Intelligence

Daily Threat Briefing • Jun 20, 2022
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Jun 20, 2022
Within a week, Taiwanese vendor QNAP was hit by two ransomware attacks, with the latest one coming from the eCh0raix. For this, only a few dozen eCh0raix samples have been submitted so far. Making the headlines is an updated phone-wiping Android banking trojan called BRATA, which is now looking beyond Brazilian banks these days.
Siemens’ SINEC NMS, a popular tool in use, was found infected with over a dozen vulnerabilities. It invited threats such as arbitrary code execution, SQL injection, and DoS attacks.
DeFi protocol at millions of loss
Inverse Finance suffered a loss of nearly $5.8 million after a cybercriminal pilfered $1.3 million in Tether (USDT) and Wrapped Bitcoin (WBTC) by abusing the flash loan vulnerability. In such attacks, a hacker takes a flash loan from a DeFi platform, uses the borrowed capital, pays it back in the same transaction—causing the price to fluctuate—and then quickly withdraws their investments.
Thousands affected at Staffing firm
Personal data, including name, address, SSNs, and wage and tax information of 1,058 individuals, was leaked in a breach incident at HR consulting firm Robert Half. It is presumed that hackers may have based their attacks on credential stuffing. Users were advised to change account passwords for the same credentials used.
German ministers’ accounts targeted
Email accounts of ministers at the German Green party were hijacked in a cyberattack that hit the party’s IT systems. A total of 12 accounts belonging to the government ministers have suffered. As per claims, the impacted email accounts were not fully compromised as the hackers couldn’t get direct access. However, some of the emails were forwarded to an external server.
NAS users face eCh0raix
A new attack has unfolded on QNAP NAS users by the eCh0raix ransomware group. According to reports, there has been only a few dozen sample submissions on the ID Ransomware platform. The attack vector used in this new eCh0raix campaign remains unknown. Last Thursday, the vendor warned customers against DeadBolt ransomware payloads.
BRATA receives update
Brazilian Remote Access Tool Android, or BRATA, has reportedly been advanced to follow the footsteps of an Advanced Persistent Threat (APT). Researchers at Cleafy observed a campaign by the criminals aimed at obtaining a long-term presence on a targeted network to steal sensitive information from financial apps. It has started targeting customers of the U.K, Spanish, and British banking brands.
Matanbuchus carries Cobalt Strike and Qakbot
Security researchers unearthed a malspam campaign delivering Matanbuchus, which further drops Cobalt Strike beacons on targeted machines. Matanbuchus, a Malware-as-a-Service (MaaS) project, was first spotted in February 2021. Along with Cobalt Strike as a second-stage payload, a research group also witnessed hackers dropping Qakbot, at least in some cases.
Multiple bugs in Siemens' network
Experts at Claroty laid bare details of 15 security flaws in Siemens SINEC Network Management System (NMS). These can be abused—independently or in a combination—to pose numerous risks to Siemens systems, such as DoS condition, credential exposure, and RCE. Flaws, tracked from CVE-2021-33722 to CVE-2021-33736, were fixed by Siemens in version V1.0 SP2 Update 1.