Cyware Weekly Threat Intelligence - February 12–16

Weekly Threat Briefing • February 16, 2024
In a decisive week of cyber enforcement, the DOJ, alongside international partners, took down the Warzone RAT malware operation, arresting suspects in Malta and Nigeria for their roles in enabling cybercriminals to steal information and spy on victims. Concurrently, the U.S. government disrupted a MooBot botnet, used by Russia-linked APT28 for cyberespionage through vulnerable Ubiquiti routers, demonstrating unparalleled global cooperation against cyber threats.
This week, the cybersecurity landscape was shaken by significant breaches and cyberattacks across the globe. In Romania, the DNSC revealed the Backmydata ransomware's wider impact on the Hipocrate Information System, affecting 100 hospitals. Across the Atlantic, Integris Health reported a cyberattack compromising the data of 2.4 million individuals, with no network interruption but resulting in extortion attempts. Meanwhile, France faced its largest cybersecurity incident, with nearly 33 million people affected by breaches at healthcare payment servicers Viamedis and Almerys, exposing sensitive personal and insurance information.
In a striking display of cybercriminal innovation and resilience, the cybersecurity community faced formidable challenges as advanced malware campaigns resurfaced with new tactics and targets. The Glupteba malware made a notable comeback, introducing a previously unseen UEFI bootkit. Meanwhile, a new threat emerged with GoldPickaxe, a sophisticated trojan aimed at stealing facial biometric data and crafting deepfake videos to circumvent banking security measures. Adding to the digital onslaught, the Bumblebee malware reemerged with a revamped attack strategy, leveraging social engineering through deceptive emails.