
Cyware Daily Threat Intelligence, August 29, 2022

Play-to-earn games are taking over, and it is difficult to verify the authenticity of a game when cybercriminals do their homework. In one such instance, an adversary group built an entire fake community to infect users with several malware families and steal their crypto wallets. Speaking of malware, a new Turkish cryptomining campaign, dubbed Nitrokod, propagates through fake desktop versions of popular apps that have no official desktop build. It is remarkably patient about infecting victims and can stay hidden on systems for years.

What else? Log4Shell flaws have once again come to light. A well-known Iranian cybercriminal group is hunting down unprotected SysAid Server instances, using eHorus and Ligolo for C2 communication during the intrusion.

Top Breaches Reported in the Last 24 Hours

Missile data in the wrong hands
An unidentified threat actor group claims to have classified data from MBDA, a European company that produces missiles and other weapons. The hackers were seen offering 80 GB of data for 15 BTC on Russian and English-language hacker forums; they later dropped the price to 1 BTC for 70 GB of data. NATO is also investigating the breach.

Cyberattack knocks lottery site offline
The New Hampshire Lottery website issued a warning to its users in the wake of a breach, advising them to avoid clicking on pop-ups on the site. Clicking the pop-ups may have led to the installation of unsolicited programs that could harm customers. Lottery ticket sales in stores statewide were not affected. Officials have offered safety tips for those who did click on the pop-ups.

Top Malware Reported in the Last 24 Hours

Enticed by play-to-earn schemes?
Hackers have built a fake Cthulhu World play-to-earn community, complete with websites, Discord groups, social media accounts, and more, to distribute various payloads. Researchers have identified three malware droppers, namely Raccoon Stealer, AsyncRAT, and RedLine Stealer, used in the attacks; they can steal saved passwords, cookies, crypto wallets, and more.

New cryptominer in 11 countries
Check Point Research uncovered a cryptomining campaign, dubbed Nitrokod, that has reached users across 11 countries so far. It spreads through fake desktop versions of popular software that has no official desktop version, such as the Google Translate application, which also helps it stay under the radar.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in OPC UA threaten ICS
JFrog, a software development and security solutions provider, reported several vulnerabilities in the Open Platform Communications Unified Architecture (OPC UA) protocol. The machine-to-machine (M2M) protocol is used industry-wide for ICS communication. The bugs could be exploited to crash an OPC UA server via a stack overflow exception.

High-severity Atlassian bug
A critical flaw in Atlassian Bitbucket Server and Data Center poses a major threat to governments and organizations. An attacker can abuse CVE-2022-36804 to execute code remotely as an unauthenticated user by sending a malicious HTTP request. Researchers say that no exploitation of this vulnerability in the wild has been observed so far.

Iranian threat group exploits Log4j
MuddyWater, linked to the Iranian Ministry of Intelligence and Security, is abusing SysAid Server instances at Israeli organizations that run a version of Log4j vulnerable to Log4Shell. The attackers also deployed eHorus, a remote monitoring and management tool, and Ligolo, a reverse-tunneling tool, for C2 communication.

Posted on: August 29, 2022