Cyware Weekly Threat Intelligence - November 22–26

Weekly Threat Briefing • November 26, 2021
Weekly Threat Briefing • November 26, 2021
The Good
Conti was hacked by security researchers! What can be a better opening to your Friday than this! They found a flaw in the gang’s payment portal and discovered the real IP addresses behind it. However, the operators yet remain unidentified. Talking about the good forces winning over the bad, five members allegedly belonging to the Phoenix group were caught by Ukrainian investigators.
The Bad
Losing data doesn’t only impact an organization but its customers and stakeholders as well. A hard lesson was learned by the Cronin digital marketing agency as it leaked 92 million records, containing important data which can be used by threat actors for future attacks. As the holiday season has already approached, the FBI issued warnings against cybercriminals attempting to dupe shoppers of their sensitive information. The GoDaddy breach took an ugly turn as apart from exposing the data of 1.2 million customers, it also affected Managed WordPress service resellers.
New Threats
Furthermore, we were introduced to a new trojan, named Cynos, that hid in Huawei’s AppGallery and compromised 9.3 million Android users. Another cause of concern for security teams this week was the new Tardigrade malware targeting biomanufacturing facilities with no clear clue of the attackers' objectives. Let us also tell you about this malware loader called RATDispenser that deploys eight RAT families.