Cyware Weekly Threat Intelligence, April 11 - 15, 2022

Weekly Threat Briefing • April 15, 2022
The Good
There’s always something good to look forward to. Microsoft took control of 65 domains that the chaotic ZLoader threat actors were leveraging to control, expand, and communicate with their botnet. In parallel, law enforcement authorities shut down the dark web marketplace RaidForums.
The Bad
In other updates, the Conti ransomware group is still running its business, despite the massive leak of its source code. The group added three new organizations—Nordex, Snap-on, and Panasonic Corp.—to its list of victims. Security experts also expressed their concerns as the NB65 hacking group took advantage of Conti’s leaked source code to target organizations in Russia. The notorious Lazarus group was also spotted making a comeback with fake job offer lures to ensnare individuals working in the chemical sector.
New Threats
Researchers warned about a set of five new vulnerabilities that could impact patient care. Microsoft identified a new defense evasion malware, named Tarrask, that leverages a zero-day flaw in Windows task scheduling. Separately, two new deadly botnets—called Enemybot and Fodcha—capable of launching massive DDoS attacks were unearthed in two disparate campaigns. Additionally, a new version of RedLine Stealer is gaining popularity in cybercrime forums for its ability to pilfer credentials from web browsers, cryptocurrency platforms, and email accounts.