Cyware Weekly Threat Intelligence June 28–July 02, 2021

Weekly Threat Briefing • July 2, 2021
The Good
Finally, some good news to get you ready for the day! DoubleVPN servers have been confiscated by law enforcement agencies from several countries. There is also good news for systems attacked by Lorenz ransomware, as researchers have developed a decryptor.
The Bad
While the SolarWinds attacks witnessed a fallout, another Kremlin-linked hacker group has also upped its malicious activities. Cybersecurity authorities from the U.S. and the U.K. issued a joint advisory warning hundreds of organizations about ongoing brute force attacks by the Fancy Bear group. Human errors continue to plague the healthcare sector as UofL Health ended up leaking the PHI of thousands of patients.
New Threats
Some threat actors strive to expand their capabilities to wreak havoc on as many organizations as possible. One such threat actor, REvil, came up with a Linux version of its ransomware. The TA543 threat actor also revamped its malware and is using it to target organizations in various industries. The week also witnessed a new ransomware that has been linked to the TrickBot gang and shares quite a few similarities with the Conti ransomware.