Cyware Weekly Threat Intelligence - April 10–14

Weekly Threat Briefing • April 14, 2023
Traditional security models are no longer enough to protect systems, networks, and data from advanced and sophisticated cyber threats. Organizations should adopt better security practices and guidelines that are built on observations and experiences from past security incidents. Keeping this in mind, CISA has issued an updated version of the Zero Trust Maturity Model for public and private sectors, based on suggestions from the public on the previous version. Besides this, the agency has published a separate guideline to enhance the security of technology products shipped to customers.
Despite these positive developments, several organizations fell victim to different security incidents that either led to the exposure of sensitive data or the loss of funds. While a cryptocurrency firm announced a loss of $23 million worth of cryptocurrencies in a hack, a security lapse at a Canada-based cloud accounting startup caused the leakage of personal details of over 30 million users online. In other news, threat actors have dumped the personal data of over 400,000 Kodi users on underground forums, thus increasing the risk of identity theft.
Coming to threats, QBot returned in a fresh attack campaign that targeted Korean users. A new RaaS gang was also discovered by researchers this week. Tracked as Read The Manual (RTM) Locker, the group is skilled in launching ransomware attacks against high-value organizations and later uses affiliates to initiate ransom negotiations. There were also reports of misuse of well-known ChatGPT and Chrome browser apps to propagate RedLine stealer and Monero mining malware, respectively.