Go to listing page

Cyware Daily Threat Intelligence, April 14, 2022

Cyware Daily Threat Intelligence, April 14, 2022

Share Blog Post

Yet another Russian-linked malware designed to target ICS and SCADA systems has emerged days after the revelation of Industroyer2. Named PIPEDREAM, the malware is considered a ‘Swiss-Army-Knife’ from the CHERNOVITE hacking group. Besides, the OldGremlin threat actor is also making the headlines for launching a new TinyFluff backdoor. The notorious Lazarus is also back with the ‘Operation Dream Job’ campaign spree, targeting organizations in the chemical sector. The campaign has previously targeted individuals in the defense, government, and engineering sectors.

Meanwhile, unpatched routers and IoT devices are at risk of remote hijack as details about a newly discovered Fodcha botnet are revealed. Reports suggest that the botnet has already infected over 60,000 devices worldwide.

Top Breaches Reported in the Last 24 Hours

Chemical sector targeted
The infamous ‘Operation Dream Job’ campaign is back as Lazarus returns with new tactics to target organizations in the chemical sector. The campaign has been active since August 2020 and has targeted people in the defense, government, and engineering sectors. The attack involves the use of fake job offers to lure victims into clicking on malicious links or opening malicious attachments.

Top Malware Reported in the Last 24 Hours

Researchers have uncovered the seventh known malware, called PIPEDREAM, targeting ICS systems. The malware can target a wide range of PLCs from Schneider Electric and Omron. It can also attack other industrial technologies from the likes of CODESYS, Modbus, and Open Platform Communications Unified Architecture (OPC UA).

New Fodcha botnet
A newly discovered Fodcha botnet has infected around 62,000 IoT devices between March 29 and April 10. The botnet is distributed via brute-force attacks and exploits. Most of its infected devices are located in China.

New TinyFluff backdoor
TinyFluff is a new variant of TinyNode backdoor malware. It is being used by OldGremlin threat actor to target Russian organizations. Researchers have noted two phishing campaigns associated with the malware. These campaigns impersonate a senior accountant at a Russian financial organization to warn the targets about the recent sanctions imposed on Russia.

Top Vulnerabilities Reported in the Last 24 Hours

Flaw in Rarible NFT marketplace patched
A now-patched flaw discovered in the Rarible NFT marketplace could have led to account takeover and theft of cryptocurrency assets. The flaw could be exploited by sending a link to a rogue NFT to potential victims.

Cisco issues an update
Cisco has issued updates for a vulnerability affecting its Wireless LAN Controller software. Tracked as CVE-2022-20695, the flaw exists due to improper implementation of the password validation algorithm. The issue has been patched in versions above of the software.

Flaw in Elementor plugin
A critical vulnerability addressed in the Elementor plugin could allow attackers to take control of WordPress sites. The flaw affects version 3.6.0 of the plugin and has been addressed in version 3.6.3.


oldgremlin threat actor
fodcha botnet
chernovite hacking group
tinyfluff backdoor

Posted on: April 14, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.