Cyware Weekly Threat Intelligence - November 06–10

Weekly Threat Briefing • November 10, 2023
Securing critical infrastructure and sensitive data against sophisticated cyberattacks is a prerequisite for uninterrupted business operations. With that in mind, the DHS, together with CISA and FEMA, launched a new initiative named Shields Ready, which outlines strategies for organizations to identify critical assets, assess risks, and improve their incident response plans. In another development, NIST updated its security guidelines for controlled unclassified information (CUI) to better protect data stored and transmitted by federal agencies and government contractors.
The infamous Cl0p ransomware group was back in the headlines for exploiting a zero-day flaw in the SysAid IT service management software. Microsoft reported that Lace Tempest, an affiliate associated with Cl0p, leveraged the flaw to deliver the Gracewire malware. Meanwhile, a new victim confirmed being affected by the MOVEit hack: the government of Maine revealed that the personal information of over a million state residents was stolen by the Cl0p group in that campaign. In another concerning event, a threat actor known as USDoD dumped a scraped LinkedIn database containing the personal information of over 35 million users.
Moving on to other threats, researchers observed a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The Agonizing Serpens APT group deployed three new wiper malware families against Israeli education and technology organizations. The Iranian Imperial Kitten APT group leveraged compromised websites to infect Israeli entities with IMAPLoader, which eventually dropped a RAT. The week also saw a new RedLine stealer campaign that abused a Windows news portal for propagation.