Cyware Daily Threat Intelligence, February 08, 2021


Phishing attacks rely on getting past defense mechanisms to target as many individuals as possible. To that end, phishers have now been observed using Morse code as part of their latest obfuscation technique to hide malicious URLs in email attachments.

Another novel evasion technique has been observed in the recently discovered Zeoticus 2.0 ransomware. The malware is designed so that it does not depend on a C2 server for communication. Moreover, it targets all countries except Russia, Belarus, and Kyrgyzstan.

Top Breaches Reported in the Last 24 Hours

Sri Lankan domains defaced
Hacktivists have hijacked and defaced the DNS records of several Sri Lankan websites that include Google.lk and Oracle.lk. Users visiting these sites are redirected to web pages detailing various social issues impacting the local population. The attack took place on February 6.

SN Servicing Corp notifies about an attack
Mortgage loan servicing company SN Servicing Corporation has disclosed a ransomware attack that affected its systems. Although attack details are not known, a preliminary investigation found that the compromised data includes billing statements and fee notices of customers from 2018.

WestRock struggles to recover from attack
WestRock is struggling to recover from a ransomware attack that occurred on January 23. Although the company hasn’t shared any details about the attack, it has proactively shut down certain systems to enhance its cybersecurity posture.

Top Malware Reported in the Last 24 Hours

Zeoticus 2.0 ransomware
Zeoticus 2.0, a ransomware that has no dependence on a C2 server, has emerged on the threat landscape. It relies on faster encryption algorithms such as XChaCha20, Poly1305, XSalsa20, and Curve25519. It is also worth noting that the malware is designed not to function in some regions such as Russia, Belarus, and Kyrgyzstan.

New obfuscation technique
A new phishing attack campaign has been observed using Morse code to hide malicious URLs in an email attachment. The ultimate goal is to bypass secure email gateways or mail filters during the infection process.

Ziggy ransomware shuts down
The Ziggy ransomware has shut down its operation and released decryption keys for its victims. The ransomware operators announced the shutdown on Telegram.

Furball spyware
The Iranian threat actor group Charming Kitten has been linked with a massive cyberespionage campaign that involves the use of Furball spyware. Targeted individuals could include regime dissidents, civil rights activists, journalists, and lawyers. The spyware is distributed via malicious wallpaper and gaming apps.


Posted on: February 08, 2021

