Go to listing page

Cyware Daily Threat Intelligence, April 18, 2022

Cyware Daily Threat Intelligence, April 18, 2022

Share Blog Post

A new dark web marketplace selling premium data stolen from organizations has come under the spotlight recently. Reports suggest that the threat actors are promoting the Industrial Spy darknet market through malicious executables, software cracks, and adware. In another update, the operators behind Emotet trojan are aggressively targeting systems worldwide by leveraging a variety of maldocs as a lure.

The crypto market has again collapsed due to a new cyberattack during the weekend. The attackers drained out over $180 million worth of cryptocurrency by exploiting a Defi platform, named Beanstalk.

Top Breaches Reported in the Last 24 Hours

GitHub reveals a security breach
GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. The stolen OAuth tokens were linked to two OAuth integrators, Heroku and Travis-CI. The first intrusion was detected on April 12 after the company’s security team identified unauthorized access to its npm production infrastructure using a compromised AWS API key.

Beanstalk Farms loses $182 million
Beanstalk Farms, an Ethereum-based stablecoin protocol, suffered a loss of around $182 million following a cyberattack. The attackers got away with around $80 million of crypto tokens by projecting a flash loan on the lending platform Aave, which is used to amass a large amount of Beanstalk’s native governance token, Stalk.

Top Malware Reported in the Last 24 Hours

Recent Emotet attack trends

Researchers observed that the recent Emotet outbreak is being spread through various malicious Microsoft Office files that come attached with phishing emails. The emails include ‘Re:’ or ‘Fe:’ in the subject line. The attached Excel files and Word documents contain the ‘Enable Content’ button that, if clicked, causes the download of malicious macros.

Top Vulnerabilities Reported in the Last 24 Hours

CISA adds new flaws to its list
The CISA added a VMware privilege escalation flaw (CVE-202222960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. While the privilege escalation flaw affects VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products, the type confusion issue affects the V8 JavaScript engine.

New Threat in Spotlight

Karakurt linked to Conti hacking group
Security researchers have found a connection between Conti ransomware and the recently emerged Karakurt data extortion group. The intelligence team has managed to connect the dots by obtaining remote access to multiple servers that are actively being used as C2 communication systems by threat actors. Since its inception in December 2021, the Karakurt group has claimed more than 40 victims across the globe. 

Industrial Spy marketplace launched
Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies. While the premium stolen datasets are priced at millions of dollars, lower-tier data are sold for as little as $2. The marketplace also offers free stolen data packs in a bid to attract more threat actors to use the site. 


industrial spy marketplace
github repositories
conti hacking group
beanstalk farms
emotet campaign

Posted on: April 18, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.