Cyware Daily Threat Intelligence
Daily Threat Briefing • Jun 27, 2022
We use cookies to improve your experience. Do you accept?
Daily Threat Briefing • Jun 27, 2022
From critical to high-severity flaws, Codesys addressed nearly a dozen vulnerabilities that can be abused by hackers even with a beginner-level skill. In the worst-case scenario, these flaws could hamper industrial production and pose a risk of equipment damage. Meanwhile, a hacker is reportedly offering network access to at least 50 different companies.
It’s not a wrap-up without discussing ransomware threats. In one news, LockBit ransomware allegedly stole data from Japanese manufacturer TB Kawashima, while in another it lured potential victims with alleged copyright violations.
Japanese manufacturer hit by ransomware
TB Kawashima disclosed a cyberattack on one of its subsidiaries, causing the shut down of its website. Though no official confirmation, the LockBit ransomware group has listed the firm as one of its recent victims. Lately, hackers leaked some data they stole from the firm. The production and sales activities remained immune to the attack.
Cyberattack at a major steel company
The website of Iran’s Khuzestan Steel Company was brought offline in the light of an attack incident. No particular group has been identified behind this assault. The attack could not make any significant impact because the factory, at the time of the attack, happened to be non-operational due to a power outage.
Millions swindled from a U.S. Crypto Startup
A hacker abused a security bug in the networks of Harmony’s Horizon Bridge to steal $100 million in cryptocurrency, including Ethereum, Binance Coin, USD Coin, Tether, and Dai. Responding swiftly to the attack, the company had stopped operating Horizon bridge to prevent further infection.
That’s a fake copyright claim!
LockBit ransomware affiliates were found delivering LockBit ransomware through fake claim e-mails wherein they tricked users by sending a warning about a copyright violation. The email alleges them of using media files without the creator's license and advises them to remove the infringing content from their websites. Opening the attachment begins the operation.
Ukraine warns of DarkCrystal deployment
CERT-UA noted that Ukrainian telecommunications organizations face increased threats from the DarkCrystal RAT operators. Cyber adversaries' end malspam messages that have “Free primary legal aid” as a subject and use a password-protected attachment “Algorithm of actions of members of the family of a missing serviceman LegalAid.rar.”
Hackers selling network access for 50 firms
The Rapid7 Threat Intelligence team discovered a hacker offering access to about 50 vulnerable Atlassian networks in the underground marketplace. The actor exploited the recently disclosed Atlassian Confluence zero-day. Researchers are attempting to identify the 50 impacted companies and notify them.
Codesys patches 11 bugs affecting ICS
Codesys fixed multiple vulnerabilities, reported by a Chinese cybersecurity firm, inside its industrial automation solutions. Most of these vulnerabilities can be easily exploited, causing sensitive information leakage, triggering faulty states in PLCs, and remote code execution. More than half of the flaws can be exploited for DoS conditions.