Cyware Daily Threat Intelligence
Daily Threat Briefing • Sep 13, 2021
The threat landscape is constantly evolving and threat actors show no signs of slowing down. A two-year-old spam campaign associated with the notorious APT-C-36 threat actor group has been revamped to distribute another malware, dubbed BitRAT, as the final payload. Researchers’ telemetry shows that the campaign has affected organizations in the financial, healthcare, and government sectors across South America.
Phishing email, the old-school attack vector, was also used in another cyberespionage campaign, this one spreading a new variant of the Dridex trojan. Meanwhile, the North Korean threat actor group Kumsong 121 used the same vector to trick computer and phone users into handing over their sensitive details.
Top Breaches Reported in the Last 24 Hours
Olympus targeted
Japanese technology manufacturer Olympus has become the latest victim of a BlackMatter ransomware attack. The attack, which occurred on September 8, affected business units in Europe, the Middle East, and Africa.
Kumsong 121 attacks users
The North Korean threat actor group Kumsong 121 has been spotted running a cyberattack campaign against computer and mobile users. The campaign first approaches targets over social media platforms and then follows up with phishing emails to trick them into downloading malicious documents. The ultimate goal of the attack is to pilfer users' private information.
NYS Excelsior app loophole
New York users are being urged to update the NYS Excelsior Pass app to close a flaw that allowed attackers to create and store fake COVID-19 vaccine credentials. The issue could serve as an attack vector against the application and the wider system.
Government agency attacked
A ransomware attack has crippled the email and bail services of South Africa's Department of Justice and Constitutional Development. The department claims, however, that no data was exfiltrated during the attack.
Update on Puma security breach
The latest update reveals that hackers stole the source code of an internal application in the recent attack on Puma. The company confirmed that no consumer or employee data was affected in the breach.
Top Malware Reported in the Last 24 Hours
New Dridex variant
A new variant of the Dridex trojan is being distributed in the wild via phishing emails carrying malicious Excel attachments. In addition to its data-stealing capabilities, the new variant uses multiple anti-analysis techniques to evade detection.
BitRAT spotted
Researchers have uncovered a new spam campaign that distributes BitRAT. Attributed to the APT-C-36 (aka Blind Eagle) threat actor group, the campaign targets organizations in South America. It is propagated via phishing emails that pretend to come from Colombia's national directorate of taxes and customs, Dirección de Impuestos y Aduanas Nacionales (DIAN).
Top Vulnerabilities Reported in the Last 24 Hours
WordPress 5.8.1 fixed
WordPress has fixed three security vulnerabilities in version 5.8.1. Two of these flaws are a data exposure issue involving the REST API and a cross-site scripting flaw in the block editor. The vulnerabilities affect WordPress versions between 5.4 and 5.8.
Citrix issues security patches
Citrix has released patches for several vulnerabilities in Citrix Hypervisor. The most severe of these is tracked as CVE-2021-28697 and carries a CVSS score of 7.8. Other significant flaws include a page-mapping issue and a privilege escalation issue.