Cyware Weekly Threat Intelligence - April 19–23

Weekly Threat Briefing • Apr 23, 2021
The Good
When it comes to energy grids, cyberattackers have become an existential threat. The Department of Energy has, thus, initiated a plan to strengthen the energy sector supply chain in the country. The Justice Department also announced plans to form a dream team to dismantle ransomware operations. Cybercriminals begone!
The U.S. Department of Justice announced plans to build up a new task force to tackle the underlying causes behind the rise in ransomware attacks and disrupt their operations running globally.
The U.K. NCSC released a free cybersecurity training package for teachers and staff to help them mitigate cyber threats while demonstrating case studies for a better understanding of the impact of cyber incidents.
The U.S. Department of Energy, CISA, and the electricity sector are working on a 100-day plan to strengthen the cybersecurity posture of electric utilities, ICS, and the energy supply chain.
The Bad
The attack against Quanta just got bigger with the REvil gang leaking data belonging to high-value organizations. Will Apple pay the $50 million ransom? While we are on the topic of leaked data, another threat actor was found selling almost 50GB worth of sensitive data belonging to an OTP-generating firm. The SolarWinds attack once again grabbed eyeballs as it was found to be associated with the latest Codecov breach.
Login credentials for 1.3 million current and previously compromised Windows Remote Desktop servers were leaked on the UAS dark web market.
The REvil ransomware gang stole massive amounts of data—large quantities of confidential drawings and gigabytes of personal data—from Apple, Dell, HPE, Lenovo, and Cisco.
A misconfigured database leaked names, addresses, phone numbers, social security numbers, and account numbers of Eversource Energy customers.
Bloomberg employees are being impersonated by hackers with the motive of installing a RAT on target computers. The phishing campaign has, reportedly, been active since 2020 and utilizes the NanoCore tool.
Investigation of the Codecov system breach revealed that it is linked to the SolarWinds attack, attributed to the Russian Foreign Intelligence Service (SVR).
A large-scale scam campaign, with an aim to pilfer login credentials from users, was discovered targeting Facebook Messenger users in over 80 countries.
Google Alerts is still being abused for scams and malware by redirecting users to fake adult sites, fake dating apps, sweepstake scams, and unwanted browser extensions. Such attacks are launched by sending fake Google Alert URLs to unsuspecting users.
A hacker was spotted selling approximately 50GB of sensitive data stolen from OTP-generating companies, including Google, Facebook, Amazon, Emirates, Apple, Microsoft, Signal, Telegram, and Twitter.
New Threats
Seems like it is still open season for ProxyLogon vulnerability exploitation. The week brought quite a few new botnets, one of which has started abusing the ProxyLogon flaws to mine cryptocurrency. Don’t be fooled by a pretty pink WhatsApp version; it’s malware! In another vein, threat actors are actively abusing a flaw in Pulse Connect Secure VPN devices. No patch is available as of now.