Go to listing page

Cyware Daily Threat Intelligence, February 15, 2022

Cyware Daily Threat Intelligence, February 15, 2022

Share Blog Post

A new threat looms over aviation, transportation, manufacturing, and defense industries as researchers explore the TTPs of a low-lying threat actor tracked as TA2541. The murkier aspect of this campaign is that the attacker has been stealthily targeting such organizations since 2017 but thankfully has now come to light.

The recent BlackByte ransomware attack spree has caught the attention of the FBI. The agency has raised an alarm about it following the attacks on three critical infrastructure organizations in the last three months. Additionally, it has issued an advisory on how to detect and defend against the ransomware attacks. In other news, NFT enthusiasts are now on the watchlist of cyberattackers seeking ways to distribute BitRAT.

Top Breaches Reported in the Last 24 Hours

Aviation sector under attack
A low-lying threat actor tracked as TA2541 is believed to have been targeting entities in the aviation sector since 2017. The attacker used off-the-shelf malware and relied on malicious Microsoft Word documents to deliver trojans such as AsyncRAT, NetWire, WSH RAT, and Parallax. Most of the themes included transportation-related terms such as flight, aircraft, fuel, yacht, charter, etc.

South Shore Hospital notifies about a breach
South Shore Hospital in Chicago has notified its patients and employees about a data breach that affected their personal data. The incident was discovered on December 10, 2021, after security analysts found suspicious activity on the firm’s network. The impacted data may include names, Social Security numbers, contact information, dates of birth, financial information, medical data, and Medicaid information of patients.

NSW discloses a data leak
New South Wales Premier Dominic Perrottet has admitted a data leak due to a misconfigured NSW government website. This affected more than 500,000 addresses, including defense sites, a missile maintenance unit, and domestic violence shelters, among others.

Mizuno attacked
Japan-based sportswear brand Mizuno has fallen victim to a ransomware attack. The attack led to significant business disruption, including phone outages, delays in shipping products, and website issues.

Top Malware Reported in the Last 24 Hours

FBI warns about BlackByte ransomware
The U.S Federal Bureau of Investigation (FBI) has issued an advisory to warn about recent breaches involving the BlackByte ransomware group. The gang has targeted at least three critical infrastructure organizations in the U.S in the last three months. The advisory focuses on providing IoCs that organizations can use to detect and defend against BlackByte’s attacks.

NFT lures used to spread BitRAT
Threat actors are leveraging NFT-related information to lure users into downloading the BitRAT malware. The campaign makes use of malicious Excel files named ‘NFT_Items’ to attract targets. These files are hosted on the Discord app and appear to contain names of NFTs, forecasts for potential investment returns, and selling quantities.

Top Vulnerabilities Reported in the Last 24 Hours

Goggle rolls out patches
Google has rolled out security patches for eleven security issues in the Chrome web browser. This includes a high-severity vulnerability that is being exploited in real-world attacks. It is tracked as CVE-2022-0609 and described as a use-after-free vulnerability. Successful exploitation of the flaw can lead to corruption of data and execution of arbitrary code on affected systems.


wsh rat
blackbyte ransomware group
south shore hospital

Posted on: February 15, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.