Cyware Weekly Threat Intelligence, March 15 - 19, 2021

Weekly Threat Briefing • Mar 19, 2021
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Weekly Threat Briefing • Mar 19, 2021
The Good
This week, we have an important update in the response to recent supply chain hacks. The CISA released a forensics collection tool, named CHIRP, that would help identify malicious activity connected to the SolarWinds attack. In another boat, the TIA published a white paper detailing supply chain security standards for the telecommunications industry.
Now, the pièce de résistance. Raise your glasses to make a toast as we have a piece of terrific news for you. Cyware, the industry’s only Virtual Cyber Fusion platform provider, raised $30 million in Series B funding, led by Advent International and Ten Eleven Ventures. And the best part is that we closed this round just within seven months of the previous one.
The Spanish Police confiscated servers and arrested the developers of Mobdro, an Android app that entrapped smartphones into proxies and DDoS botnets.
The U.S. Department of Justice (DOJ) indicted a Swiss national for attacking more than 100 organizations and publishing proprietary information on their online website. Among the companies hacked, include Verkada, Intel Corp, and Nissan Motor Co.
The CISA released a new tool to identify post-compromise malicious activity related to the SolarWinds hack. Named CISA Hunt and Incident Response Program (CHIRP), the Python-based forensics collection tool has been designed for Windows OS.
The Telecommunications Industry Association (TIA) published a new white paper on SCS 9001, the first process-based supply chain security standard for the ICT industry. The new standard will be released later this year.
The Bad
Just because today’s newsletter has brought along a horde of precious news, we are not free from the kerfuffle caused by cyberattacks. More SolarWinds news. Mimecast confirmed falling victim to the attack and losing some of its source code to the hackers. The now-defunct data leak site, WeLeakInfo, got info of its own customers leaked. Pretty ironic, no?
Security agencies were found leaking troves of sensitive data in a major security lapse. Among the exposed data, includes the name of the author, operating system, author email, device details, file path information, and name of the PDF app.
Around 103GB worth of data belonging to New Jersey-based Descartes Aljex Software was left exposed due to a misconfigured AWS S3 bucket. This affected more than 4,000 people that included customers, company employees, sales reps, and people working for third-party.
Mimecast revealed that SolarWinds attackers broke into its internal network and downloaded source code from a limited number of repositories. The attackers, moreover, gained access to a subset of email addresses, salted and hashed credentials, and contact info.
A threat actor leaked data, including customer and payment information, from the WeLeakInfo data breach site and published it on another hacker forum - RaidForums.
Two cryptocurrency portals—Cream Finance and PancakeSwap services—are currently dealing with DNS hijacking attacks that redirected visitors to fake versions of their websites. The crooks attempted to collect seed phrases and private keys from visitors to gain access to wallets and steal their funds.
The Canada Revenue Agency locked more than 800,000 taxpayers out of its platform on Saturday after it detected unauthorized third-party access. Following the attack, the attackers had obtained access to usernames and passwords.
The infamous China Chopper web shell has been detected in Exchange Server-related attacks, alongside DearCry ransomware deployment. The web shell is one of the tools used by the Hafnium threat actor group.
Around 20 popular travel apps are at risk of exposing data due to several misconfiguration issues. These apps are mainly related to booking and ride-sharing apps. The data that could be exposed includes bank account numbers, phone numbers, home addresses, credit card details, healthcare data, and dates of birth.
New Threats
So, what do we have here? This week handed us a new botnet that takes after the infamous Mirai. A new espionage campaign has come to the light and is attributed to the RedDelta threat actor. In other news, a malware crypter has been identified that has been in use by 30 hacker groups! More news below.