Cyware Weekly Threat Intelligence - August 09–13

Weekly Threat Briefing • Aug 13, 2021
The Good
Is the enemy of my enemy my friend? Probably not. But it’s always fun to see threat actors pitted against each other. In one such case, an affiliate of the Conti gang, unhappy about their payment, released the gang's sensitive information. Speaking of hackers, a tool has been developed that can hamper their abuse of Cobalt Strike beacons for malware command and control.
Europol detained 23 suspects accused of defrauding companies of more than $1.2 million in multiple BEC scams across 20 countries. Meanwhile, German authorities nabbed four cybercriminals for swindling millions of euros from novice investors through fake websites.
The U.S. Senate set aside more than $1.9 billion in cybersecurity funds for state and local governments to strengthen their cybersecurity posture and help organizations defend themselves.
The CobaltSpam tool developed by Mario Henkel can flood Cobalt Strike servers with fake beacons to pollute their internal databases of compromised systems, preventing attackers from distinguishing real infections from fake ones.
An unhappy affiliate linked to the Conti ransomware gang leaked confidential information—screenshots of IP addresses, instructions and training material for new recruits, and how-to guides—on an underground forum.
Researchers presented a scheme—Pretty Good Phone Privacy—that can hide users’ locations from carriers with just a software upgrade.
The Bad
Given the choice between getting a free vaccine and paying for a fake vaccine card, which one would you choose? Apparently, a lot of people are going for the latter, resulting in a rise in sales of such cards on underground marketplaces. In other news, a Chinese cyberespionage actor is posing as an Iranian threat actor and launching attacks against Israel. Crytek warned its customers of a ransomware attack by Egregor last year. Data was leaked. Yikes!
Waste Management Resources disclosed unauthorized access into its network that exposed healthcare information—social security numbers, dates of birth, and bank account numbers—of current and former employees and their dependents.
A ransomware attack on St. Joseph’s/Candler laid bare the protected healthcare information for both staff and patients. Victims have been informed.
Game developer and publisher Crytek alerted its customers about an Egregor ransomware attack that occurred in October 2020. Criminals leaked the stolen personal data of customers on its leak site.
DeFi protocol and network Poly Network lost more than $600 million in a massive cryptocurrency heist. Hackers reportedly reversed more than $4,772,000 worth of assets in less than 24 hours. However, a majority of the funds have been returned to the firm.
A Chinese cyberespionage group, dubbed UNC215, impersonated Iranian threat actors to target Israeli organizations in a campaign that began in January 2019.
The Joplin City government paid $320,000 in ransom to a ransomware group that briefly impacted the city’s COVID-19 dashboard, online utility payments, and court functions.
Security researchers reported a fake version of the Briansclub[.]com carding shop that was using a similar domain to lure users. The fake website was siphoning off the funds deposited by cybercriminal users of the infamous carding shop.
Flashpoint experts suggest AlphaBay, which used to be the largest darknet marketplace and community, could be returning after four years of hiatus.
The sale of fake COVID-19 vaccine cards has ramped up on the dark web, with most of the sales from the Netherlands, Switzerland, Greece, France, and Italy.
New Threats
This week left researchers puzzling over the characteristics of a new malware. The newly developed malware calls itself ransomware but has the features of a wiper. Dubbed Chaos, it may be released in the wild soon. A new smishing scam is causing chaos of its own: it is very persuasive and impersonates an international parcel delivery firm. On another front, a malvertising campaign was found using a rebranded version of the Cinobi trojan to target Japan.