
Cyware Daily Threat Intelligence, April 15, 2022


Telegram and Discord are again in the threat spotlight. A threat actor dubbed Haskers Gang is actively using the platforms to promote a newly discovered information-stealing malware named ZingoStealer that comes with the capabilities of XMRig miner and RedLine Stealer. A new email phishing campaign delivering IcedID trojan has also been spotted in the last 24 hours. The campaign targets Ukrainian government agencies using vulnerable Zimbra software. 

Meanwhile, the FBI linked the $600 million cryptocurrency heist that targeted the players of the popular video game Axie Infinity to the infamous North Korean cybercrime groups - Lazarus and APT 38. The attackers had exploited a network used to send cryptocurrency to carry out the heist. 

Top Breaches Reported in the Last 24 Hours

Football Federation targeted
The Royal Spanish Football Federation (RFEF) has reported a cyberattack. It revealed that documents and information from email accounts, private text messages, and audio conversations of top executives were stolen by the attackers. The federation is investigating the extent of the attack together with the police.

Over $600 million in cryptocurrency stolen
The FBI has blamed the Lazarus and APT38 hacking groups for stealing more than $600 million in cryptocurrency from players of the popular video game Axie Infinity. The incident occurred on March 23 and was carried out by exploiting a network used to send cryptocurrency from one blockchain to another.

Conti claims attack on Nordex
Conti has claimed responsibility for a recent attack on wind turbine maker Nordex. Reports suggest that the attackers made the stolen data public on April 14. Earlier this week, the firm said it was working on restoring the affected systems.

Top Malware Reported in the Last 24 Hours

New ZingoStealer malware
A newly found information-stealing malware named ZingoStealer has emerged in the threat landscape. The malware is available for free on the Telegram and Discord platforms. Promoted by Haskers Gang, ZingoStealer includes the capabilities of RedLine Stealer and the XMRig miner. Since its inception, the malware has been used to target gamers in Russia.

New IcedID malware campaign
Ukrainian government agencies are being infected with the IcedID trojan, which is delivered via phishing emails. The emails include a malicious document that, if opened, triggers the download of the GzipLoader malware. The campaign is attributed to the UAC-0041 threat cluster and leverages a known vulnerability (CVE-2018-6882) in Zimbra software.

Top Vulnerabilities Reported in the Last 24 Hours

Citrix issues patches
Citrix has issued patches for multiple vulnerabilities found across its products. One of these, tracked as CVE-2022-27505, is rated high severity; it affects SD-WAN and is a cross-site scripting (XSS) vulnerability. Other affected products are XenMobile Server, StoreFront, and Citrix Secure Access for Windows.

Top Scams Reported in the Last 24 Hours

Fake bank alerts
The FBI has warned that cybercriminals are attempting to trick American users into making instant money transfers using text messages with fake bank alerts. This involves threat actors calling victims from phone numbers that spoof the banks’ legitimate support numbers. The victims are convinced about a fake money transfer that has been done from their accounts. Under the pretext of reversing fake money transfers, victims are swindled into sending payments to bank accounts under the control of cyber actors.

Free gifts scams
A series of SMS messages that promise free gifts in return for a bill payment is doing the rounds. The SMS includes a link along with a message that reads ‘Free Msg: your bill is paid for March. Thanks, here’s a little gift for you [URL removed].’ Once mobile users click on the link, they are redirected to a broken Facebook or Twitter URL that is used to carry out malicious activities.


Posted on: April 15, 2022
