Cyware Daily Threat Intelligence, December 29, 2021

Even in the last few days of the year, the discovery of new malware threats has gone on relentlessly. This time, a new malware named Flagpro was found to be used in attacks against Japanese companies by the BlackTech APT group. Another group of cybercriminals was discovered abusing the Microsoft Build Engine (MSBuild) to execute Cobalt Strike on compromised systems.

In a noteworthy incident, one of the largest news publishers in Norway was forced to halt its newspaper printing operations due to a cyberattack. Meanwhile, the Log4j vulnerability saga continues with a new update released to fix the fifth security vulnerability to be discovered in the open-source tool in the span of a month. 

Top Breaches Reported in the Last 24 Hours

Norwegian media targeted
One of the largest news publishers in Norway, Amedia, announced that several of its central computer systems were apparently taken offline due to a cyberattack. The attack forced the publisher to halt its printing presses. According to the company, it is unclear whether any personal information of customers has been compromised in the incident.

Fintech firm suffers Log4j attack
A Vietnamese crypto trading platform, ONUS, recently suffered a cyberattack on its payment system running a vulnerable version of Log4j. Threat actors demanded a $5 million sum from ONUS and threatened to publish the customer data if the firm refused to comply.

T-Mobile customers breached
In a new report, T-Mobile disclosed that cyberattackers recently accessed a small number of customers’ accounts. Some T-Mobile customers either fell victim to a SIM swapping attack, had their personal plan information exposed, or both.


Top Malware Reported in the Last 24 Hours

Flagpro malware uncovered
NTT researchers found the BlackTech cyberespionage group targeting Japanese companies using a novel malware that researchers call Flagpro. The APT group uses Flagpro for network reconnaissance, to evaluate the target’s environment, and to download a second-stage payload and execute it.

MSBuild abused by cybercriminals
Researchers at Morphus Labs and SANS Internet Storm Center observed attack campaigns abusing MSBuild to execute a Cobalt Strike payload on compromised systems. The malicious MSBuild project was being used to compile and execute specific C# code that in turn decodes and executes Cobalt Strike.
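The defender-side counterpart to the MSBuild abuse described above is a detection rule over process-creation telemetry. The following is an added example, not code from the digest nor from Morphus Labs or SANS ISC: it assumes process-creation records carrying the parent image, image, command line and user (the fields Sysmon Event ID 1 and Windows Event 4688 both provide), and flags MSBuild launches from a parent that is not a normal build host or with a project file loaded from a user-writable staging directory. The sample events, the parent allowlist and the directory markers are constructed for illustration and would need tuning to a real environment.

```python
from __future__ import annotations

import ntpath
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record; field names are a constructed
    simplification of Sysmon Event ID 1 / Windows 4688 fields."""
    parent_image: str
    image: str
    command_line: str
    user: str


# Parents from which MSBuild is normally launched by developers or CI agents
# (assumed allowlist; extend with your own build tooling).
BUILD_HOST_PARENTS = {
    "devenv.exe", "dotnet.exe", "msbuild.exe",
    "cmd.exe", "powershell.exe", "pwsh.exe",
}

# Path fragments that are user-writable and rarely hold legitimate projects.
STAGING_DIR_MARKERS = (
    "\\temp\\", "\\downloads\\", "\\appdata\\",
    "\\users\\public\\", "\\programdata\\",
)


def _basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the host OS.
    return ntpath.basename(path.strip('"')).lower()


def assess_event(ev: ProcessEvent) -> list[str]:
    """Return the reasons an event looks like MSBuild abuse; empty = benign."""
    if _basename(ev.image) != "msbuild.exe":
        return []
    reasons: list[str] = []
    parent = _basename(ev.parent_image)
    if parent not in BUILD_HOST_PARENTS:
        reasons.append(f"msbuild launched by non-build parent {parent}")
    cmd = ev.command_line.lower()
    if any(marker in cmd for marker in STAGING_DIR_MARKERS):
        reasons.append("project file loaded from user-writable staging directory")
    return reasons


def find_suspicious(events: list[ProcessEvent]) -> list[dict]:
    """Run assess_event over a batch and keep only events with findings."""
    findings = []
    for ev in events:
        reasons = assess_event(ev)
        if reasons:
            findings.append({"user": ev.user, "image": ev.image,
                             "command_line": ev.command_line, "reasons": reasons})
    return findings


# Constructed sample telemetry: two normal builds, two launches worth a look,
# and one unrelated process to show the filter.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Microsoft Visual Studio\2019\Professional\Common7\IDE\devenv.exe",
                 r"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\MSBuild\Current\Bin\MSBuild.exe",
                 r'"MSBuild.exe" C:\src\payroll\payroll.csproj /t:Build', r"CORP\builduser"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
                 r"MSBuild.exe C:\agent\_work\1\s\app.sln /p:Configuration=Release", r"CORP\ci-agent"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
                 r"MSBuild.exe C:\Users\jdoe\AppData\Local\Temp\update.csproj", r"CORP\jdoe"),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
                 r"msbuild.exe C:\Users\asmith\Downloads\invoice.proj", r"CORP\asmith"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 r"notepad.exe notes.txt", r"CORP\jdoe"),
]


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_EVENTS):
        print(f["user"], "->", "; ".join(f["reasons"]))
```

Run against the constructed batch, the rule raises the explorer.exe launch (two reasons) and the powershell.exe launch from Downloads (one reason), and stays silent on the Visual Studio and CI builds. The allowlisted parents are the noisy part: the directory marker carries most of the signal in practice.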

Riskware apps on Android
A slew of malicious apps were spotted on the Samsung Galaxy Store, triggering security warnings from Google Play Protect for numerous users. The apps request access to risky permissions that could allow the installation of malware on the Android device.


Top Vulnerabilities Reported in the Last 24 Hours

Flaws in EVlink charging stations
Schneider Electric issued patches for several vulnerabilities that put its EVlink electric vehicle charging stations at risk of remote hacking attempts. The security flaws include cross-site request forgery and cross-site scripting bugs that can be exploited to carry out actions on behalf of a legitimate user. The most severe flaw, having a CVSS score of 9.3, is a server-side request forgery vulnerability.

New Log4j update
The Apache Software Foundation rolled out fresh patches to fix an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4.
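Because the affected range above starts at a pre-release tag and has two patched back-port versions carved out of it, a naive string comparison gets the triage wrong. The following is an added example, not code from the digest or from the Apache project: it parses Log4j 2 version strings (numeric components with an optional `-alpha`/`-beta`/`-rc` suffix), applies exactly the range and exceptions stated above for CVE-2021-44832, and runs that check over a constructed dependency inventory. The inventory entries and service names are constructed sample data.

```python
import re

CVE_ID = "CVE-2021-44832"
AFFECTED_LOW = "2.0-alpha7"      # first affected version, per the advisory summary
AFFECTED_HIGH = "2.17.0"         # last affected version
FIXED_BACKPORTS = {"2.3.2", "2.12.4"}  # patched releases inside the range

# "2.17.0", "2.0-alpha7", "2.0-beta9", "2.0-rc1" all match this shape.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?$")


def parse_version(version: str):
    """Turn a Log4j 2 version string into a comparable tuple.

    Pre-release builds sort below the matching final release, so
    2.0-alpha7 < 2.0-beta9 < 2.0-rc1 < 2.0 (alphabetical tag order is
    assumed, which holds for the alpha/beta/rc tags used here).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))          # pad 2.0 -> 2.0.0
    if m.group(2):
        pre = (0, m.group(2).lower(), int(m.group(3) or 0))
    else:
        pre = (1, "", 0)                          # final release outranks any pre-release
    return nums, pre


def is_affected(version: str) -> bool:
    """True if this log4j-core version falls in the CVE-2021-44832 range."""
    if version.strip() in FIXED_BACKPORTS:
        return False
    v = parse_version(version)
    return parse_version(AFFECTED_LOW) <= v <= parse_version(AFFECTED_HIGH)


def triage(inventory):
    """Return (service, version) pairs whose log4j-core build is affected."""
    return [(service, ver) for service, artifact, ver in inventory
            if artifact == "log4j-core" and is_affected(ver)]


# Constructed inventory of (service, artifact, version); not real systems.
SAMPLE_INVENTORY = [
    ("payments-api",  "log4j-core", "2.14.1"),
    ("batch-jobs",    "log4j-core", "2.12.4"),   # patched back-port, not affected
    ("legacy-portal", "log4j-core", "2.0-beta9"),
    ("reporting",     "log4j-core", "2.17.1"),   # above the affected range
    ("tooling",       "log4j-core", "2.3.2"),    # patched back-port, not affected
    ("auth-service",  "log4j-core", "2.17.0"),   # upper bound is inclusive
    ("auth-service",  "log4j-api",  "2.17.0"),   # different artifact, ignored here
]


if __name__ == "__main__":
    for service, ver in triage(SAMPLE_INVENTORY):
        print(f"{service}: log4j-core {ver} affected by {CVE_ID}")
```

The two back-ports are handled by an explicit set rather than by version arithmetic because they sit inside the numeric range; any version comparison that ignores that detail will either miss them or, worse, clear 2.3.x and 2.12.x builds that were never patched.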


Posted on: December 29, 2021
