
Cyware Daily Threat Intelligence, December 14, 2020


State-sponsored threat actors are always on the lookout for new ways to target sensitive networks. In one such instance, the Russian hacker group APT29 was allegedly found to have targeted the US Treasury and the Department of Commerce, along with firms such as Microsoft, FireEye, and AT&T, in a massive cyberespionage campaign. The hackers leveraged a backdoor in software provided by SolarWinds.

Meanwhile, researchers have discovered new malware threats targeting internet-connected databases. The first one, named PgMiner, is a botnet operation targeting PostgreSQL databases to install a cryptominer. The other threat, dubbed “PLEASE_READ_ME”, was found stealing data from MySQL servers and leaving behind ransom notes.

Top Breaches Reported in the Last 24 Hours

U.S. federal agencies breached
Russian state-linked hacker group APT29 allegedly targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies using a backdoor in SolarWinds Orion software.

Habana Labs hit by ransomware
AI processor developer Habana Labs suffered an attack by the Pay2Key ransomware where data was stolen and leaked by the threat actors. The leaked data included business documents and source code images.

Hackers exploit Subway UK
Hackers have compromised a marketing system in Subway UK and used it to send out phishing emails to deliver TrickBot malware to its customers. The malicious emails included a link to a weaponized Excel document containing confirmation of an alleged order.

Top Malware Reported in the Last 24 Hours

PgMiner botnet campaign
Security researchers discovered a botnet operation dubbed PgMiner that targets PostgreSQL databases to install a cryptocurrency miner. The malware performs brute-force attacks against internet-accessible PostgreSQL databases.

Ransomware campaign targets MySQL
A new ransomware campaign dubbed “PLEASE_READ_ME” was found targeting MySQL servers through brute-force attacks. After breaching a database, the attackers run a sequence of queries in the database to gather and ultimately exfiltrate all the user data.
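Both the PgMiner and PLEASE_READ_ME campaigns start with password brute-forcing against internet-exposed database servers, so repeated authentication failures from one client address are the earliest signal a defender gets. The following added example (not from the original briefing or from the researchers' reports) parses constructed PostgreSQL and MySQL error-log lines and flags sources that exceed a failure threshold inside a sliding time window; it assumes PostgreSQL is logging with `log_line_prefix = '%m [%p] %r '` so the client address appears in each line.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log formats. PostgreSQL is assumed to run with
# log_line_prefix = '%m [%p] %r ' so each line carries the client address.
PG_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \w+ \[\d+\] (?P<ip>[\d.]+)\(\d+\) '
                   r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"')
MYSQL_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z \d+ \[\w+\] "
                      r"Access denied for user '(?P<user>[^']+)'@'(?P<ip>[\d.]+)'")

def parse_failure(line):
    """Return (timestamp, source_ip, user) for an auth-failure line, else None."""
    for rx, fmt in ((PG_RE, "%Y-%m-%d %H:%M:%S"), (MYSQL_RE, "%Y-%m-%dT%H:%M:%S")):
        m = rx.match(line)
        if m:
            ts = datetime.strptime(m["ts"], fmt).replace(tzinfo=timezone.utc)
            return ts, m["ip"], m["user"]
    return None

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {ip: (total_failures, sorted usernames tried)} for every source
    with at least `threshold` failed logins inside any `window_seconds` span."""
    stamps, users = defaultdict(list), defaultdict(set)
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            ts, ip, user = parsed
            stamps[ip].append(ts)
            users[ip].add(user)
    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # two-pointer sliding window over sorted times
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = (len(times), sorted(users[ip]))
                break
    return flagged

# Constructed sample: one noisy source per engine plus one benign single failure.
SAMPLE_LOG = [
    f'2020-12-14 10:00:{s:02d}.001 UTC [4321] 203.0.113.5(5{s:04d}) FATAL:  '
    f'password authentication failed for user "{u}"'
    for s, u in zip(range(1, 12, 2), ["postgres", "admin", "postgres", "test", "postgres", "pgadmin"])
] + ['2020-12-14 10:00:30.500 UTC [4400] 198.51.100.7(40001) FATAL:  '
     'password authentication failed for user "app"'] + [
    f"2020-12-14T10:05:{s:02d}.000000Z {s + 10} [Note] Access denied for user "
    "'root'@'203.0.113.9' (using password: YES)" for s in range(0, 50, 10)]
```

Running `detect_bruteforce(SAMPLE_LOG)` flags only the two brute-forcing addresses; the lone failure from 198.51.100.7 stays below the threshold.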

Top Vulnerabilities Reported in the Last 24 Hours

Flaws in Steam
Several critical security vulnerabilities (CVE-2020-6016 through CVE-2020-6019) in the Steam gaming platform could allow attackers to take over hundreds of thousands of vulnerable systems remotely.

Insecure communication in WinZip
Researchers found that unencrypted communications in WinZip 24 could allow attackers to use techniques such as DNS poisoning to trick the application into fetching “update” files from malicious web servers instead of legitimate WinZip update hosts.

Top Scams Reported in the Last 24 Hours

Bitcoin scam ads
An investigation by The Guardian found that unauthorized images of several celebrities were used in bitcoin scam ads targeting Australians, as part of a highly organized global business operating from five addresses in the center of Moscow.

Tags

habana labs
pgminer
us treasury department
solarwinds orion
apt29
subway uk

Posted on: December 14, 2020
