Cyware Daily Threat Intelligence
Daily Threat Briefing • May 11, 2023
Another covert operation aimed at intelligence gathering and data theft has been reported in Central Asia. A state-sponsored group is suspected to be behind the cyberespionage activity targeting government institutions in the region. The group used a never-before-seen fileless malware strain, DownEx, which can exfiltrate sensitive data from a variety of sources. Meanwhile, a recently discovered security issue in the Linux kernel is raising concerns. The bug could allow an unauthenticated local user to escalate privileges to root level and gain full control over the compromised system.
Routers remain a frequent target in the cyber landscape. Lately, cybersecurity firm Claroty warned of five vulnerabilities in Netgear routers that, when combined, could be exploited to take over specific router models.
Art museum shuts down
The National Gallery of Canada revealed it was targeted by a ransomware attack that knocked its IT systems offline. One of the largest art museums in North America (by exhibition space) confirmed that no customer data was stolen during the attack. Meanwhile, no ransomware group has come forward to take responsibility for the attack.
Healthcare facility targeted in Korea
After a two-year-long investigation, the Korean National Police Agency (KNPA) confirmed that North Korean hackers were behind a cyberattack on Seoul National University Hospital. The attackers infiltrated the hospital's network between May and June 2021, exposing the data of 831,000 individuals. The leak includes confidential medical information and personal data of visitors and employees.
DownEx malware arrives in Central Asia
A cyberattack campaign was observed against foreign government institutions in Kazakhstan and Afghanistan using decoy documents that impersonate real diplomats. Attackers used a new malware family dubbed DownEx by Bitdefender Labs. It can move laterally to traverse local and network drives to extract a wide range of files from various formats, including Word, Excel, and PowerPoint documents, videos, images, PDFs, and compressed files.
Malvertising campaign drops Aurora Stealer
Cybercriminals were found distributing the Aurora information-stealing malware through a malvertising campaign that shows a simulated Windows update inside the browser. Researchers identified more than a dozen domains used in the campaigns, several posing as adult websites. Adversaries disguise the 'Invalid Printer' malware loader as a Chrome updater. The so-called fully undetectable (FUD) tool is believed to be used by a specific threat actor.
Zero-click bug in MSHTML
A security flaw in the Windows MSHTML platform affected all supported versions of Microsoft Windows. An attacker could bypass security checks by crafting a malicious URL. Identified as CVE-2023-29324 (CVSS score: 6.5), the flaw was addressed by Microsoft with the release of the Patch Tuesday security updates for May 2023. The issue causes MapUrlToZone, a Windows API function, to misinterpret a remote path as a local one.
An unpatched Linux Kernel bug
Security researchers Patryk Sondej and Piotr Krysiuk disclosed a vulnerability tagged CVE-2023-32233 in the Linux kernel's Netfilter subsystem. The researchers have created and shared proof-of-concept exploit code for the vulnerability. Gaining root-level access to Linux servers is highly advantageous for hackers; however, attackers must already have local access to the system before they can exploit the bug.
Routers on the verge of compromise
Netgear has fixed five high-severity bugs whose exploitation could lead to RCE, authentication bypass, and command injection attacks. Upon successful exploitation, attackers can access and take control of smart connected devices (security cameras, smart locks, thermostats, and similar). They can even alter router settings such as credentials or DNS settings.