Go to listing page

Cyware Daily Threat Intelligence, April 20, 2022

Cyware Daily Threat Intelligence, April 20, 2022

Share Blog Post

The Russia-linked Gamaredon APT group has become more active and intense than ever before in the past two months. This is what Symantec researchers have to say about the notorious group as they reveal four distinct variants of the Pteredo backdoor malware. Collectively tracked as Pteranodon, these malware variants are being currently used against organizations in Ukraine. Besides, the scammers are also targeting Ukrainians in an ongoing scam that redirects them to fake donation sites and phishing pages. 

Meanwhile, the Spring4Shell vulnerability continues to haunt organizations that have failed to patch it. Around 700 attempts to exploit the flaw were observed in the first twelve days of April. Most of these were aimed at deploying cryptocurrency miners.

Top Breaches Reported in the Last 24 Hours

Kansas City experiences a cyberattack
The Unified Government (UG) of Wyandotte County and Kansas City experienced a cyberattack at its data centers. According to the UG, it is working with the U.S. Department of Homeland Security, FBI, and Mid-America Regional Council cybersecurity task force to restore data services. It is yet to be determined if any data was compromised.

Top Malware Reported in the Last 24 Hours

New variants of Pteredo backdoor
Russian state-sponsored threat actor group known as Gamaredon has been found targeting Ukrainians with four new variants of the Pteredo backdoor, also tracked as Pteranodon. All the four variants were observed using obfuscated VBS droppers that add Scheduled Tasks and then fetch additional modules from the C2 server. It should be noted that the Pteredo backdoor is still under active development.

Top Vulnerabilities Reported in the Last 24 Hours

CISA updates its exploited vulnerabilities catalog
CISA added three new widely exploited flaws to its Known Exploited Vulnerabilities Catalog recently. The flaws are a Windows Print Spooler vulnerability (CVE-2022-22718), a cross-site scripting vulnerability in Zimbra (CVE-2018-6882), and a buffer overflow flaw in WhatsApp VOIP (CVE-2019-3568).

Google’s update on zero-day flaws
In a new report, Google revealed that it spotted a record of 58 exploited-in-the-wild zero-day vulnerabilities in 2021. Seventeen of these are related to use-after-free vulnerabilities, six are out-of-bound read & write flaws, four are buffer overflow flaws, and four are integer overflow vulnerabilities.

A rise in the exploitation of Spring4Shell flaw 
At least 700 attempts to exploit the Spring4Shell vulnerability have been observed between April 1 and April 12, with a peak of nearly 3,000 exploitation attempts occurring on April 3. Some of these exploitation attempts were aimed at deploying cryptocurrency miners.

Four flaws fixed in AWS
Amazon has released emergency patches following the discovery of serious security flaws existing in the patches issued for the Log4Shell vulnerability. The patches cover a wide range of cloud environments such as Kubernetes clusters, Elastic Container Services (ECS) clusters, and Fargate.

Top Scams Reported in the Last 24 Hours

Fake donation scam
Scammers are taking advantage of the ongoing geopolitical war to deceive Ukrainians, as well as people from other nations, into sending donations to the wrong recipients. The scams are being carried out through fake donation sites, fake Red Cross portals, and social media. In one such instance, the scammer known as @Xenta777 on Twitter had asked people to make military equipment-related donations.  


fake donation scam
gamaredon apt group
known exploited vulnerabilities catalog
zero day vulnerabilities
kansas city area
pteredo backdoor

Posted on: April 20, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.