Cyware Daily Threat Intelligence
Daily Threat Briefing • Oct 22, 2021
Frankenstein’s monster is back, only this time to harvest credentials from Microsoft Office 365 users. Threat actors were spotted using a never-before-seen TodayZoo phishing kit to dodge email security checks while infecting their victims. Dubbed Franken-Phish, the campaign was active from April through May.
The infamous Evil Corp has switched to new ransomware branding called Macaw Locker to avoid US sanctions that prevent victims from paying ransom demands. The newly found ransomware drops a ransom note in each folder that contains encrypted files. In other threats, gamers in South Korea are being targeted in an ongoing campaign that distributes njRAT, UDP RAT, and other malware.
Top Breaches Reported in the Last 24 Hours
Atento hit
A cyberattack at customer relationship management firm Atento has affected its operations. The company is yet to ascertain the extent of the attack.
Gigabyte firm breached
The threat actors behind AvosLocker ransomware have claimed attacks on tech giant Gigabyte. Following the attack, they have leaked a portion of the files as proof. The stolen data appears to contain confidential details regarding deals with third-party companies and information about employees.
RATs target South Korea
Users in South Korea are being targeted in an ongoing malware campaign that distributes a variety of trojans. The trojans are propagated via an adult game on WebHard and torrent. Some of the trojans include njRAT and UDP RAT.
FiveSys rootkit
A newly discovered rootkit called FiveSys has been found to be used against users in China. The rootkit redirects internet traffic and attempts to block its competitors’ access to the infected system.
TodayZoo phishing campaign
Microsoft has disclosed a new phishing campaign that involved the use of a phishing kit called TodayZoo. The campaign, termed Franken-Phish, is aimed at stealing passwords from Microsoft 365 users.
Ferrara hit
Chicago-based Ferrara was hit by a ransomware attack earlier this month. The attackers encrypted some of its systems.
Top Malware Reported in the Last 24 Hours
New Macaw Locker ransomware
Macaw Locker is a newly found ransomware associated with the Evil Corp group. The ransomware appends its own name as an extension to encrypted files. It assigns each victim a unique ID that is used to negotiate on its Tor website.
Top Vulnerabilities Reported in the Last 24 Hours
Exploitation of Atlassian’s flaw
Several attack campaigns exploiting a vulnerability in Atlassian’s Confluence were observed throughout September. Some of these threats included cryptojacking, fileless attacks, and deployment of the Setag backdoor. The flaw is tracked as CVE-2021-26084, and patches for it are already available.
Flaws in AUVESY products
A total of 17 vulnerabilities have been identified in products manufactured by AUVESY. These vulnerabilities can be exploited to bypass authentication, elevate privileges, obtain hardcoded cryptographic keys, execute arbitrary code, and cause denial of service. The vendor has patched all the flaws.