Cyware Weekly Threat Intelligence - May 08–12

Weekly Threat Briefing • May 12, 2023
Taking down cybercrime operations requires diligent efforts and cooperation between national and international law enforcement agencies. Setting another such example, the FBI led an operation to dismantle the infrastructure behind the Snake malware used by Russian state actors. In a bid to improve cloud security, an open-source tool was launched this week to make a Kubernetes Bill of Materials (KBOM) standard accessible for security teams.
It’s not all sunshine and rainbows in the cyber landscape as cyber intruders continue to cause disruptions at numerous organizations. Some of the prominent victims this week include a U.S. food distributor, an iconic Canadian art gallery, and a SaaS provider for the education sector. Even more concerning, a new threat actor has surfaced with a track record of 350 BEC attack campaigns, carried out in a span of two years.
This week saw the discovery of multiple new malware threats. These included two ransomware groups, namely Akira and Cactus. While Akira targets enterprise networks to extract up to millions of dollars in ransom, Cactus is noteworthy for its unique self-encryption features that enable it to avoid detection by security solutions. Meanwhile, the PaperCut vulnerability saga continues to threaten vulnerable servers with the release of a brand new exploit and the discovery of two Iranian state-backed threat actors abusing the flaw.