Go to listing page

Cyware Daily Threat Intelligence, April 05, 2021

Cyware Daily Threat Intelligence, April 05, 2021

Share Blog Post

A cup of coffee and the latest happenings in the cyberthreat landscape are sure to take away your Monday blues. Facebook is under fire again for failing to protect its users’ data. As a result, a threat actor has leaked the personal details of around 533 million users on a cybercrime forum. 

Conti ransomware gang added new victims to its list by stealing sensitive data from Broward County public schools. The attackers have demanded $40 million in ransom to prevent the leak of data that belongs to both students and employees.

A cyberespionage campaign associated with the lesser-known Cycldek threat actor group has left researchers baffled. The campaign, targeted against Vietnamese organizations, also gave rise to two new malware named FoundCore and DropPhone.    

Top Breaches Reported in the Last 24 Hours

Facebook data leaked
Data of 533 million Facebook users have been posted on a cybercrime forum. The leaked data includes phone numbers, Facebook IDs, birth dates, gender, and location. The data is being offered in 106 separate download packages, with the data split on a per-country basis. 

Applus Technologies attacked
A malware attack on emission testing company Applus Technologies has disrupted the operations in the company branches located in Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. The attack was first detected on March 30. 

Broward county schools attacked
Conti ransomware has claimed its attack on Broward County Public schools and demanded a $40 million ransom to prevent the leak of students’ and teachers’ personal information. The stolen data comprises more than 1TB of files that include social security numbers, addresses, birth dates, and contact information. 

Top Malware Reported in the Last 24 Hours

Phobos ransomware upgraded
Phobos ransomware has added new fileless and evasive techniques to its arsenal. Distributed via PowerShell scripts, the new sample was obtained from an attack that happened in March. 

New malware found
The Chinese Cycldek threat actor group has been found to be associated with a cyberespionage campaign between June 2020 and January 2021. The campaign, which was launched against dozens of organizations in Vietnam, saw the distribution of two new malware named FoundCore and DropPhone. 

GitHub abused
Threat actors are abusing the GitHub Actions feature in an attempt to inject malicious code to mine cryptocurrencies. The attacks have been happening since November 2020. The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original.  

 Tags

dropphone
conti ransomware gang
applus technologies
cycldek threat actor
foundcore

Posted on: April 05, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Learn More About Cyware Solutions!