Cyware Weekly Threat Intelligence - February 05–09

Weekly Threat Briefing • February 9, 2024
In a week of significant cybersecurity developments, the Linux Foundation introduced the Post-Quantum Cryptography Alliance with industry behemoths such as Google and IBM. In parallel, the U.S. government took a decisive stand against the global misuse of commercial spyware, implementing visa restrictions on individuals linked to espionage activities that have ensnared governments and corporations worldwide.
Cybersecurity challenges escalated as Hyundai Motor Europe admitted to a ransomware attack by the Black Basta group, with claims of 3TB of stolen corporate data. In a separate incident, HPE grappled with allegations of sensitive data theft by a threat actor named IntelBroker, prompting a thorough investigation that traced the compromised data back to a test environment. Meanwhile, Dutch intelligence agencies disclosed a sophisticated cyberattack by Chinese state-backed attackers on Dutch military systems, exploiting a zero-day vulnerability in Fortinet VPN technology.
Raspberry Robin malware operators shifted their strategy and now expedite their attacks by purchasing newer, less-than-a-month-old exploits. Additionally, a newly identified banking trojan named Coyote has emerged, targeting numerous online banking applications in Brazil with the potential for global impact. Furthermore, AhnLab discovered a RAT disguised as gambling content and spread through malicious shortcut files.