Cyware Weekly Threat Intelligence - August 07–11

Weekly Threat Briefing • August 11, 2023
This week, law enforcement scored a big win against phishing threats. Interpol took down the 16shop PhaaS platform, which fueled attacks impacting at least 70,000 users across 43 countries. In parallel, the FBI, the IRS, and authorities in Poland dismantled the bulletproof hosting platform Lolek, cutting fraudsters off from anonymous infrastructure that could be used to launch malware and botnet attacks.
The aftermath of the MOVEit hack is larger than expected. In the latest update, a state healthcare authority disclosed that protected Medicaid healthcare information was compromised in the attack. Moreover, the gang behind this sophisticated attack has evolved its extortion strategy by publishing victims' data on torrent sites that are easily accessible to anyone. In other news, a sophisticated campaign that exploited the Log4Shell flaw and went undetected for three years was found to have impacted several academia, aerospace, government, media, telecommunications, and research institutions.
New variants of the SkidMap, Yashma, and SystemBC malware were also identified in the wild this week. The new SkidMap variant was observed targeting a wide range of Linux distributions, while the Yashma ransomware variant targeted organizations worldwide, encrypting files and changing the desktop wallpaper to announce the attack. DroxiDat, a variant of SystemBC, was used in a ransomware attack against a power generation company in South Africa.