Go to listing page

Cyware Daily Threat Intelligence, December 21, 2022

Cyware Daily Threat Intelligence, December 21, 2022

Share Blog Post

In a fresh revelation, hundreds of banking and cryptocurrency apps were found infected with the GodFather Android banking trojan. The malware abuses Android's Accessibility Services to extract sensitive phone data, including videos and keystrokes. Meanwhile, researchers patched a highly sensitive vulnerability in two of Hikvision’s wireless bridge products designed for elevators and other video surveillance systems. An India-based CCTV and IoT cybersecurity company pointed out the security issue.

That’s not it! Pro-Russia hacker group KillNet claimed to have accessed an FBI database and stolen the sensitive data of 10,000 U.S. federal agents. It has posted screenshots, on a Telegram channel, that contained passwords to medical ID cards, online stores, and Apple, Google, and Instagram accounts.

Top Breaches Reported in the Last 24 Hours

Okta’s source code leak
Popular authentication services and IAM solutions provider Okta suffered a breach impacting its private GitHub source code repositories. The company said attackers could not access the Okta service or its customers’ data. As per its disclosure, the incident concerns Okta Workforce Identity Cloud (WIC) code repositories and not Auth0 Customer Identity Cloud product.

Attack on NATO member
The network of a large petroleum refining company within a NATO member state was targeted by the Russia-linked Gamaredon group, revealed Palo Alto Networks. The APT group has a history of primarily targeting NATO allies with the purpose of extracting sensitive data. Hackers installed a VBScript backdoor via spear-phishing emails for establishing persistence.

Germany-based steel firm targeted
Thyssenkrupp, a German steel production company, allegedly fell victim to an ‘organized crime.’ Parts of its materials services and the corporate segment have been impacted by the attack. There’s no evidence of any data leak as of now. 

KillNet hacks FBI database
Russian hacker group KillNet claimed to have stolen the personal information of more than 10,000 U.S. federal agents via an FBI database. Though the hacking incident remains unverified, the group reportedly pilfered data such as social media passwords and bank-related details.

Healthcare org exposes personal data
Oklahoma-based IT services provider for healthcare organizations, Avem Health Partners, informed over 271,000 individuals about their personal information leaks. The breach, however, occurred at a third-party data storage vendor known as 365 Data Centers. The exposed Avem files contained patients’ personal and medical data, including SSNs, driver's license numbers, health insurance, and diagnosis information.

Top Malware Reported in the Last 24 Hours

Secrets of Royal ransomware
Trend Micro security experts studied multiple attacks from the Royal ransomware group and found that it brings expertise in callback phishing to deliver the ransomware payload. Hackers lure victims via social engineering tactics and make them install remote access software. A majority of its attacks were directed at the U.S. and Brazil.

Godfather has a global approach
GodFather, an Android cum Windows banking trojan, has been spotted targeting users of over 400 banking and cryptocurrency apps encompassing 16 countries. Among the targets are 215 banks, 110 crypto exchange platforms, and 94 crypto wallet providers. Impacted users span the U.S., Turkey, Spain, Italy, Canada, and more.

Top Vulnerabilities Reported in the Last 24 Hours

Bug enables remote CCTV hack
China-based video surveillance firm Hikvision released a fix for a critical flaw affecting some of its wireless bridge products. The flaw, identified as CVE-2022-28173, is a critical access control flaw that can lead to remote CCTV hacking. An attacker can abuse the security hole to gain administrator permissions by sending specially crafted messages.


nato member
gamaredon apt group
killnet group
royal ransomware
fbi database
source code
remote cctv hacking
avem health partners

Posted on: December 22, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.