Cyware Daily Threat Intelligence, December 21, 2020


Here’s a major update on the much-talked-about SolarWinds supply chain attack. The latest research reveals the use of a new malware named CosmicGale, which was dropped by a .NET web shell called Supernova. The new discovery is the work of another threat group, one that is not behind the attacks on FireEye, Microsoft, and government entities.

A Ghostwriter cyberespionage campaign that spanned over three years has also been observed by security experts. The campaign leverages compromised websites and spoofed email accounts to disseminate fabricated content.

Top Breaches Reported in the Last 24 Hours

Updates on SolarWinds attack
The latest updates on the SolarWinds supply chain attack reveal that a second threat group has exploited the software to plant a .NET web shell called Supernova and malware named CosmicGale. The new revelation is in addition to the previously discovered backdoor malware named SUNBURST. Supernova enables adversaries to run arbitrary code on machines running the trojanized version of the software.

Ledger wallet affected
A threat actor has leaked the stolen email and mailing addresses of Ledger cryptocurrency wallet users for free on the hacker forum Raidforums. The attacker had breached the wallet by exploiting a vulnerability in the website that allowed threat actors to access customers’ contact details.

Symrise affected
The Clop ransomware gang has claimed an attack on Symrise AG in which it stole 500 GB of unencrypted files. The gang has reportedly encrypted 1,000 of the firm's devices.

Dozens of journalists impacted
At least 36 journalists, producers, and executives working for the Al Jazeera news agency were targeted with a so-called zero-click attack via Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.

Top Malware Reported in the Last 24 Hours

Ghostwriter campaign
Researchers have discovered a Ghostwriter campaign that spanned over three years. The campaign leverages compromised websites and spoofed email accounts to disseminate fabricated content. Legitimate news sites are also part of the campaign.

Top Vulnerabilities Reported in the Last 24 Hours

Facebook bug
A bug found on Facebook exposed the private data of Instagram users, including their email addresses and birth dates. The bug existed in Facebook’s Business Suite tool, which is available for Facebook business accounts. The issue was resolved quickly after it came to Facebook's notice. The firm also confirmed that there was no evidence of abuse.



Posted on: December 21, 2020
