
Cyware Daily Threat Intelligence, April 25, 2022


Ransomware attacks are piling pressure on organizations as threat actors evolve their attack processes. In a new finding, researchers have revealed that the operators behind the Quantum ransomware are leveraging IcedID malware to accelerate the attack process. Consequently, this leaves defenders little time to identify and thwart such attacks.

In other news, infostealer malware families are gaining traction in underground forums as cybercriminals add a new one to the list. Named Prynt Stealer, the malware is capable of harvesting data from a wide range of applications, such as cryptocurrency wallets, messaging platforms, and gaming apps.

Top Breaches Reported in the Last 24 Hours


Phishing against Ukrainian organizations
The CERT-UA has sent out a new alert about phishing attacks targeting organizations in Ukraine. The phishing messages use the subject ‘Azovstal’ and a weaponized Microsoft Office document to unleash Cobalt Strike Beacon in the last stage of the infection chain. The encryption techniques employed in the campaign are associated with TrickBot operators.

T-Mobile confirms attacks
T-Mobile acknowledged that the security of its systems was compromised after the Lapsus$ gang gained access to its networks. The attackers accessed internal networks using stolen credentials. This enabled the hackers to obtain over 30,000 source code repositories, as well as the key to an internal customer account management application called Atlas.

Top Malware Reported in the Last 24 Hours


Quantum ransomware’s speedy attacks
In a new finding, researchers discovered that the threat actors behind the Quantum ransomware are leveraging IcedID malware as one of their initial access vectors to accelerate the attack process, which lasted only 3 hours and 44 minutes.

New Prynt Stealer malware
A newly found Prynt Stealer malware is being offered for sale on underground forums for a small price. The malware is capable of harvesting data from a wide range of applications, such as cryptocurrency wallets, messaging platforms, and gaming apps. Additionally, it can perform direct financial compromise.

Top Vulnerabilities Reported in the Last 24 Hours


Atlassian patches a critical flaw
Last week, Atlassian announced patches for a critical authentication bypass vulnerability in Jira. The flaw, identified as CVE-2022-0540, can be exploited by sending a specially crafted HTTP request. The fixes are included in versions 8.13.18, 8.20.6, and 8.22.0 or newer.


Posted on: April 25, 2022

