Cyware Daily Threat Intelligence, August 22, 2019

See All
Spoofing login pages of government agencies to pilfer credentials and other sensitive information is one of the lucrative attack vectors for cybercriminals. In a new massive phishing campaign discovered by security researchers, it has been found that attackers have targeted  several foreign ministries, think tanks and research-oriented organizations utilizing fake login pages. Some of the victim organizations are the French Ministry for Europe and Foreign Affairs (MEAE), Stanford University, Royal United Services Institute (RUSI) and Congressional Research Service. 

The past 24 hours also saw new activities related to Neutrino botnet and NanoCore RAT. While the Neutrino botnet has hijacked 159 PHP web shells over a year to distribute cryptominers, a new variant of NanoCore RAT was found to be offered on the dark web for free.  

The gaming platform Steam has again come under fire after the revelation of a second zero-day vulnerability. It is a privilege escalation vulnerability that can affect 96 million Windows clients. The flaw can allow attackers with limited rights to use a technique known as Bait and Switch to run malicious code on victims’ machines. 

Top Breaches Reported in the Last 24 Hours

Info of US troops stolen
New details related to the massive 1 million South Korean credit card hack have emerged recently. It is expected that thousands of US service members in South Korea may have been impacted in the breach. At least 38,000 U.S-issued payment cards from the compromised one million credit cards have been put for sale on the dark web.

700 GB data leaked
A hacker group which goes by the Twitter handle account ‘LaGorraLeaks’ had leaked 700 GB of data obtained from the government of Argentina on August 12, 2019. This included confidential documents, wiretaps and biometric information from the Argentine Federal Police. The leaked information also contained personal data of police officers. The attack was conducted to point out the security flaws in the system.

$2.5 million ransom 
The threat actor that hit 23 government agencies across Texas has demanded a ransom of $2.5 million to decrypt the locked files. Most of the affected entities were smaller local government bodies. The Texas Department of Information Resources disclosed that the ransomware that infected the networks appended the encrypted files with .JSE extension.  

Top Malware Reported in the Last 24 Hours

Multiple foreign ministries targeted
A new phishing campaign that leverages fake login pages as an attack vector has been found targeting multiple foreign ministries, think tanks, email service providers and research-oriented organizations. The campaign is linked to the recent North Korean campaign called ‘Smoke Screen’. The targeted organizations include French government agencies, Stanford University, Royal United Services Institute and Ministry of Foreign and European Affairs of the Slovak Republic. 

Microsoft 365 users tricked
A new phishing campaign that attempts to steal credentials from Microsoft Office 365 users, has been observed by security researchers. The attackers behind the campaign have been found utilizing fake ‘login’ pages that bear a resemblance to Office 365 images and logos. The interesting aspect of the campaign is that operators are using Microsoft’s Azure Blob storage cloud solution to host their phishing pages. 

Neutrino is alive and active
A major botnet operation related to Neutrino has been found hijacking web shells of other malware operations for more than a year. The purpose behind this is to install cryptomining malware. For this, the botnet has compiled a list of 159 PHP web shells, which can be brute-forced in an attempt to compromise servers. 

New version of NanoCore RAT
Researchers have found a new version of NanoCore RAT. The malware variant, dubbed as  NanoCore v1.2.2, is being offered on the dark web for free. The malware can be used to attack Windows systems, with its ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam. 

Top Vulnerabilities Reported in the Last 24 Hours

Another critical bug in Steam
A second zero-day vulnerability impacting Steam Windows client has been disclosed by a security researcher. It is a privilege escalation vulnerability that can affect 96 million Windows users. As per the researcher, the flaw can allow attackers with limited rights to use a technique known as Bait and Switch to run malicious code on victims’ machines.

Vulnerable bb-builder
A malicious package that affected all versions of bb-builder was removed from the npm repository. The package ran an executable targeting systems running Windows OS. It later stole the sensitive information and sent them back to a remote server. 
   
Top Scams Reported in the Last 24 Hours

Tax refund scam
The Inland Revenue Authority of Singapore (IRAS) has released an advisory to warn citizens about an ongoing tax refund scam that is being circulated via email and WhatsApp. While the scammers are using WhatsApp to circulate the tax refund image, the email is sent with the subject line: “Inland Revenue Authority of Singapore-Refund-Online-Confirmation” to trick users. The recipient is asked to download and complete a tax refund form from a provided link to receive a tax refund of $236.51. In order to prevent oneself from getting scammed, IRAS has warned people to stay vigilant about such emails and messages.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, August 23, 2019
Next
Cyware Daily Threat Intelligence, August 21, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.