
Cyware Daily Threat Intelligence, December 12, 2022


A new attack campaign compromising internet-connected devices has come to the notice of researchers. Propelled by Russian hackers, it infects devices with the TrueBot malware downloader, which drops Clop ransomware, Grace malware, and other malicious tools. Threats aimed at legal, financial, and travel agencies in Europe and the Middle East peaked with an infamous hack-for-hire group looking to compromise systems using the Janicab malware. The hacker group has a proven track record of harvesting sensitive internal company data and email credentials.

Moving on, numerous vulnerable Pulse Connect Secure hosts were found to be still awaiting security fixes, including fixes released last year. Pulse Connect Secure appliances have been among the top targets of state-sponsored threat actors and other cybercriminal groups.

Top Breaches Reported in the Last 24 Hours


Data exposed by Australian telecom firm
Telstra, Australia, inadvertently published personal identifiers, such as names, numbers, and addresses of over 130,000 customers via Directory Assistance or the White Pages. The incident may have also impacted 30,000 past and present Telstra employees, of which nearly 12,800 are still employed with the telecom giant. Moreover, scammers have jumped on the bandwagon to breach the affected customers.

Top Malware Reported in the Last 24 Hours


Hackers Silence-ing through TrueBot
Russian-speaking hacking group Silence dropped the TrueBot malware downloader on over 1,500 systems worldwide to deploy their set of hacking tools, including Grace malware, Cobalt Strike, Teleport, and Cl0p ransomware. Teleport is a new custom data leakage tool created by the group. It uses the TrueBot downloader to infect systems with malicious code. According to Cisco Talos, the hacker group has used different attack vectors since August 2020.

Cryptomining chaos against Linux systems
Trend Micro revealed details about a new cryptomining attack involving Linux machines and the advanced Chaos RAT. The malware is a Go-compiled binary that can perform a variety of functions, including opening a reverse shell, accessing files (upload, download, delete), taking screenshots, performing a machine reboot, and more. Hackers use a C2 server, likely located in Hong Kong, to serve Chaos RAT.

Evilnum infects travel industry with Janicab
Hack-for-hire group Evilnum, aka DeathStalker, targeted legal, financial, and travel sectors in the Middle East and Europe with a more stabilized variant of Janicab malware. The malware uses public services like WordPress and YouTube as dead drop resolvers. The campaign’s victims are located in Egypt, the UAE, Georgia, Saudi Arabia, and the U.K.

Top Vulnerabilities Reported in the Last 24 Hours


Several critical bugs unpatched
Censys, an attack surface management firm, found over 4,400 internet-accessible Pulse Connect Secure appliances affected by at least one known security bug. Of those, about 3,500 hosts haven’t applied fixes released last year, which addressed six flaws. Pulse Connect Secure devices are still impacted by other critical bugs, such as CVE-2018-5299, CVE-2018-6320, CVE-2019-11510, and CVE-2019-11540.

Top Scams Reported in the Last 24 Hours


Christmas holidays invite smishing scams
Amazon customers in the U.K. have started receiving fraudulent text messages creating a sense of urgency regarding account login. The e-commerce giant has warned shoppers of the scam wherein adversaries attempt to break into users’ accounts by harvesting their personal data and credentials.


Posted on: December 12, 2022

