Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 29, 2022

A doppelganger of the Chaos ransomware strain has come to light. The malware targets Windows and Linux devices for cryptomining and launching DDoS attacks. The cyber landscape is getting even more chaotic with the release of the cracked version of the most advanced red team and adversary simulation software, Brute Ratel C4 (BRC4), in darknet marketplaces. Preliminary investigation points toward the involvement of a Russian-speaking group known as Molecules.

Meanwhile, four security holes were found in the Layer-2 (L2) network security controls of multiple Cisco routers and switches. Over 200 vendors were warned about the flaws, which could be exploited to carry out DoS or Man-in-the-Middle (MitM) attacks.

Top Breaches Reported in the Last 24 Hours

Abrupt notification pushed to Apple News users

U.S. business publication Fast Company was breached and the network had to be pulled offline in the wake of the hacking incident. The breach impacted its internal systems, enabling hackers to send offensive push notifications to Apple News users. Hackers claimed they infiltrated Fast Company’s network through weak default passwords on a WordPress instance used by the company.

Top Malware Reported in the Last 24 Hours

Chaos malware for cryptomining and DDoS

Black Lotus Labs detected a multifunctional Go-based malware, dubbed Chaos, purposed to target a wide range of devices, including small office/home office (SOHO) routers and enterprise servers. The malware samples were likely written by Chinese actors, and rely on a China-based C2 infrastructure, with key attack features being DDoS and cryptomining. Most of its bot infections were located in Europe, specifically Italy.

Brute Ratel crack spreads

Some cybercriminals have successfully cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and released it in underground forums. The adversary simulation software is less popular than Cobalt Strike beacons but exhibits similar capabilities. Palo Alto Networks Unit 42 had earlier warned about the abuse of legitimate BRC4 in attack campaigns to evade detection.

New job lures drop Cobalt Strike

A phishing campaign impersonating a government organization in the U.S. and a trade union in New Zealand attempts to deliver Cobalt Strike beacons to infected endpoints. The campaign exploits CVE-2017-0199, an RCE bug, in a multistage and modular infection chain that uses fileless, malicious scripts. The payload identified is a leaked version of a Cobalt Strike beacon.

Top Vulnerabilities Reported in the Last 24 Hours

Bugs in Cisco L2 network security controls

Tens of Cisco routers and switches were found to be prone to bypass vulnerabilities in their Layer-2 (L2) network security controls. Researchers reported a total of four bugs, namely CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, and CVE-2021-27862. An attacker can send specially crafted packets to bypass the controls provided by these enterprise devices, triggering a DoS or performing a MitM attack.

New Threat in the Spotlight

Military and weapons contractors under attack

Security researchers at Securonix disclosed details about a new campaign aimed at multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The attack begins with a phishing email sent to employees. With mild confidence, researchers attributed the attack campaign to APT37, owing to similarities to its attack history.