
Cyware Daily Threat Intelligence, April 06, 2022


The recently disclosed Spring4Shell (also written SpringShell) vulnerability has raised widespread concern about a wave of opportunistic attacks. Researchers counted tens of thousands of exploitation attempts against the critical flaw within four days of its public disclosure, and Microsoft confirmed that some of those attempts were aimed at its cloud services and tried to deploy web shells.

Several information-stealing campaigns were also observed in the last 24 hours. Two of them distribute the new Lightning Stealer and the well-known Vidar Stealer, respectively. In a third, threat actors target users in Malaysia with fake cleaning-service apps and websites; the end goal of that campaign is to steal the victims' online banking credentials.

Top Breaches Reported in the Last 24 Hours


Spear-phishing campaign spotted
Ukraine's CERT-UA published an advisory on spear-phishing attacks by the Russia-linked Armageddon APT (also tracked as Gamaredon) that delivered malware to local state organizations. The phishing messages were sent from 'vadim_melnik88@i[.]ua'. In a separate advisory, CERT-UA described an attack in which operators pushed malicious links to users through Telegram; victims who followed them gave up their session data, contact list, and message history, effectively handing over their Telegram session.

Parker Hannifin targeted by Conti
The Conti ransomware group has leaked more than 5GB of files it claims to have stolen from the US industrial component giant Parker Hannifin. The company, which is still investigating, has confirmed that the attackers accessed some data, including employees' personal information.

Cash App breached
Cash App Investing is notifying over 8 million customers of a breach in which a former employee downloaded internal reports after leaving the company. The reports contained customers' full names and brokerage account numbers and, for some, brokerage portfolio values, holdings, and trading activity. According to parent company Block's SEC filing, the reports did not include usernames, passwords, dates of birth, Social Security numbers, addresses, payment card data, or bank account information.

Malaysian users targeted
Researchers uncovered a banking-credential theft campaign targeting Malaysian users. Active since 2021, it goes after the customers of eight Malaysian banks: Maybank, Affin Bank, Public Bank Berhad, CIMB Bank, BSN, RHB, Bank Islam Malaysia, and Hong Leong Bank. The lures are fake cleaning-service websites and Android apps impersonating brands such as Maid4u, Grabmaid, Maria's Cleaning, YourMaid, Maideasy, and MaidACall; when a victim tries to pay for a booking, the app presents a fake bank login page and captures the credentials entered.

Top Malware Reported in the Last 24 Hours


New Lightning stealer
Lightning Stealer is a new .NET-based information stealer that harvests data from more than 30 browsers as well as from Telegram, Discord, Steam, and cryptocurrency wallets. It packages the stolen data as JSON before exfiltrating it.

New Colibri loader campaign
A newly discovered Colibri loader campaign delivers the Vidar information stealer as its final payload. The chain starts with a malicious Word document that drops the loader. For persistence across reboots, Colibri plants a copy of itself as Get-Variable.exe in the user's WindowsApps directory and registers a scheduled task that launches a hidden PowerShell window; PowerShell resolves Get-Variable to that executable and runs the malware.

Top Vulnerabilities Reported in the Last 24 Hours


Dell issues a patch
Dell has released patches for six vulnerabilities in its PowerScale OneFS file system. The most severe, tracked as CVE-2022-26851 with a CVSS score of 9.1, can be exploited for remote code execution.

Microsoft patches Azure AD
Microsoft fixed several issues in Azure Active Directory (Azure AD) in which unauthenticated API endpoints leaked internal tenant information such as licensing details, mailbox information, and directory synchronization status.

Updates on Spring4Shell flaw
New research shows that attackers made over 37,000 attempts to exploit the Spring4Shell flaw within four days of its public disclosure. Microsoft separately disclosed that it observed a low volume of exploitation attempts against its cloud services.
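To make those "exploitation attempts" concrete, the following is an added example, not code from Cyware or from the researchers cited above. It scans Apache combined-format access logs for the request pattern used by the public Spring4Shell (CVE-2022-22965) exploit chain: request parameters that reach Spring's `class.module.classLoader.*` property path and, specifically, the Tomcat AccessLogValve sub-properties the exploit abuses to write a `.jsp` web shell. The log lines, client addresses, and `Finding` structure are constructed for illustration; parameter names are URL-decoded repeatedly so that encoded variants such as `%63lass.module...` are still caught.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# CVE-2022-22965 abuses Spring's data binding to reach class.module.classLoader.*;
# the public exploit chain points Tomcat's AccessLogValve at a .jsp file to drop a web shell.
CLASSLOADER_RE = re.compile(r"class\.module\.classloader\.", re.IGNORECASE)
VALVE_PROPS = (
    "pipeline.first.pattern",
    "pipeline.first.suffix",
    "pipeline.first.directory",
    "pipeline.first.prefix",
    "pipeline.first.filedateformat",
)
# Apache combined log: client IP first, request line in quotes.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic). Line 1: full valve-rewrite chain.
# Line 2: percent-encoded leading "c" to dodge naive string matching.
# Line 3: benign request with similar-looking parameter names.
# Line 4: POST whose parameters live in the body and are not visible in an access log.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Apr/2022:10:01:02 +0000] "GET /?class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20%25%7Bc1%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=shell&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat= HTTP/1.1" 200 0 "-" "curl/7.79.1"
198.51.100.7 - - [05/Apr/2022:10:03:44 +0000] "GET /app?%63lass.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp HTTP/1.1" 200 0 "-" "python-requests/2.27"
192.0.2.5 - - [05/Apr/2022:10:04:01 +0000] "GET /app?class=first&module=login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Apr/2022:10:05:10 +0000] "POST /app HTTP/1.1" 200 0 "-" "python-requests/2.27"
"""


@dataclass
class Finding:
    line_no: int
    client_ip: str
    param: str
    reason: str


def fully_unquote(s: str, rounds: int = 3) -> str:
    """URL-decode until stable (bounded) so double-encoded names are normalised."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def query_params(target: str):
    """Split a request target into decoded (name, value) pairs."""
    if "?" not in target:
        return []
    pairs = []
    for pair in target.split("?", 1)[1].split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        pairs.append((fully_unquote(name), fully_unquote(value)))
    return pairs


def classify_param(name: str):
    """Return a reason string if the parameter name matches the exploit pattern, else None."""
    lowered = name.lower()
    if not CLASSLOADER_RE.search(lowered):
        return None
    for prop in VALVE_PROPS:
        if lowered.endswith(prop):
            return "classLoader binding targeting Tomcat AccessLogValve (web shell write)"
    return "classLoader property binding (CVE-2022-22965 pattern)"


def is_spring4shell_request(target: str) -> bool:
    return any(classify_param(name) for name, _ in query_params(target))


def scan_log(text: str):
    """Return one Finding per log line whose query string carries the exploit pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        for name, _ in query_params(m.group("target")):
            reason = classify_param(name)
            if reason:
                findings.append(Finding(line_no, m.group("ip"), name, reason))
                break
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no} from {f.client_ip}: {f.reason} [{f.param}]")
```

Two caveats a defender should keep in mind: the exploit is just as effective with the parameters in a POST body, which a standard access log never records (line 4 above is invisible to this scan), so body-level inspection belongs in a WAF or request-logging middleware; and a hit on the valve properties should trigger a hunt for newly written `.jsp` files under the Tomcat webapps directory, since that is the artifact the pattern is trying to create.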

Top Scams Reported in the Last 24 Hours


Rise in money recovery scam 
The Australian Competition & Consumer Commission has warned of a rise in money recovery scams. Scammers impersonate a money recovery firm, a law office, or a special government task force and approach previous fraud victims by phone or email, offering to recover the funds they lost. The victim is asked to fill out fake paperwork that captures their identification details, and in some cases to install software that gives the scammer remote access to their computer or smartphone.

Tags

springshell vulnerability
vidar stealer
microsoft cloud services
lightning stealer malware

Posted on: April 06, 2022
