Cyware Weekly Threat Intelligence - January 31–04

Weekly Threat Briefing • February 4, 2022
The Good
As cyberattacks across the world continue to rise, our governments are fighting back hard. The DHS has created a first-ever cyber review board that brings together security experts from all fields to deal with major cyber incidents. In the same vein, a European Union agency proposed to create a systemic cyber event coordination framework to deal better with critical cross-border cyber incidents impacting the financial sector.
The Bad
Crypto theft is getting worse by the day. Relentless cybercriminals exploited a vulnerability in the Wormhole crypto platform and made away with 120,000 Wrapped Ethereums, causing the company to temporarily shut down operations. The British Council exposed the data of thousands of students owing to an unsecured Azure database. This incident, once again, shows how important it is to secure cloud databases. As CISA warns about potential cyber risks to athletes during the Beijing Winter Olympics, researchers discovered that the internal IT network of the National Games of China was breached by unknown hackers.
New Threats
Iran-based threat actors were pretty active this week, as the MuddyWater APT was found conducting cyberespionage activities against Turkish organizations and governmental institutes. The other group, Phosphorus (aka Charming Kitten), developed a unique backdoor, dubbed PowerLess, with advanced evasive capabilities. This week, we were also introduced to a few new malware strains, among them Mars Stealer. It is a redesigned, more powerful version of the Oski malware that disappeared suddenly in the summer of 2020.