Cyware Daily Threat Intelligence, December 15, 2020

Cybersecurity threats have come a long way as threat actors come up with a variety of new malware. Now, researchers have uncovered a new trojan named PyMicropsia that is related to the Micropsia malware family, another AridViper malware known for targeting Microsoft Windows. Two new backdoors, dubbed SharpStage and DropBook and associated with the Molerats threat actor group, have also been unearthed during a recent investigation of phishing attacks carried out against the Middle East.

In the past 24 hours, a major phishing attack aimed at employees' Microsoft Office 365 credentials has also come to the notice of security experts. The attack leveraged hundreds of compromised, legitimate email accounts of different organizations.

Top Breaches Reported in the Last 24 Hours

Details of 1.9 million members leaked
A huge trove of data belonging to 1.9 million members of the Chinese Communist Party was offered for free on a Russian hacking forum. The exposed records included names, ethnicity, organizations, phone numbers, education, and addresses of the members. The data was leaked in a 293 MB CSV file.

Hurtigruten hit
Norwegian cruise company Hurtigruten has been hit by a ransomware attack. Though the amount of data loss is unknown, the company said that it alerted relevant authorities when the attack was detected.

Automation Personnel Services leaks data
A 440 GB archive belonging to the US-based staffing firm Automation Personnel Services was leaked on a hacking forum. The archive included company data and sensitive documents related to the firm's users, partners, and employees.

Top Malware Reported in the Last 24 Hours

PyMicropsia trojan
A new information-stealing trojan called PyMicropsia that targets Microsoft Windows has been found in the wild. This Python-based malware is capable of taking screenshots, keylogging, collecting information from USB drives, and stealing credentials. It is related to the Micropsia malware family, another AridViper malware known for targeting Microsoft Windows.

Two new backdoors
The Molerats threat actor group has been found using two new backdoors, named SharpStage and DropBook, along with the previously documented MoleNet malware in its recent operations. The attack starts with an email luring political figures and government officials in the Middle East to download malicious documents.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches several flaws
Apple has released security patches for several vulnerabilities affecting iOS and iPadOS. The most serious of these flaws could allow hackers to run harmful code on iPhones and iPads via a malicious font file. Additionally, some of these flaws are related to memory corruption issues.

Critical Golang flaws
Golang's XML parser has three vulnerabilities that can be exploited to bypass Security Assertion Markup Language (SAML) authentication. The flaws are CVE-2020-29509, CVE-2020-29510, and CVE-2020-29511. As of now, the Go security team has declared that there is no patch available for these vulnerabilities.

Cisco re-patches 4 flaws
Cisco has re-patched three Jabber vulnerabilities that had received their first patches in September. The three vulnerabilities in question are CVE-2020-26085, CVE-2020-27132, and CVE-2020-27127. The latest patches fixed the injection points that could be used to exploit the vulnerabilities.

Top Scams Reported in the Last 24 Hours

Microsoft Office phishing attack
Researchers have warned of a coordinated phishing attack that targeted numerous enterprises last week. The attackers leveraged hundreds of compromised, legitimate email accounts to target organizations. The victims were lured with an email that impersonated eFax. The message read, “Tip: Switch to an annual plan – it’s like getting 2 months free every year! Call (800)958-2983 or email help@mail.efax[.]com.” The ultimate purpose of the attack was to steal employees’ Office 365 credentials.

Stimulus payments scam
The IRS and a coalition of state tax agencies are warning individuals about stimulus payment scams that lure unsuspecting individuals into sharing their personal financial information. The scam message promises the recipient a $1200 stimulus package.

Posted on: December 15, 2020
