Cyware Daily Threat Intelligence, February 16, 2021


The scope of cyberattacks is expanding and so is the malicious intent of cybercriminals. In a new revelation, it has been found that the disastrous SolarWinds supply chain attack was the work of over a thousand hackers who modified 4,000 of the millions of lines of code meant for the SolarWinds Orion product. A mind-boggling cyberespionage campaign, tied to the Sandworm APT group, has also emerged in the last 24 hours. The three-year-long attack was carried out by exploiting an IT monitoring tool called Centreon. Moreover, two web shells—PAS and Exaramel—were used as part of the attack.

Threats in the form of vulnerabilities were also explored in two widely used apps, SHAREit and Telegram. The flaws could have enabled attackers to remotely execute code and steal user data.

Top Breaches Reported in the Last 24 Hours

New details on SolarWinds attack
New details reveal that more than 1,000 hackers were involved in the devastating SolarWinds attack that targeted multiple U.S. government agencies and private cybersecurity companies. Furthermore, the attackers rewrote around 4,000 of the millions of lines of code in the SolarWinds Orion update to launch the attack.

French entities attacked
Russian-linked threat actor group Sandworm has been linked to a three-year-long stealthy operation that targeted several French entities. The intrusion, which started in late 2017 and lasted until 2020, was carried out by exploiting an IT monitoring tool called Centreon. Two web shells—PAS and Exaramel—were used as part of the attack.

EXMO suffers DDoS attack
The website of the U.K. cryptocurrency exchange EXMO was knocked offline following a DDoS attack. The attack affected the whole network infrastructure, including the website, API, WebSocket API, and exchange charts.

Dutch Research Council attacked
A cyberattack on the Dutch Research Council (NWO) has forced the organization to suspend its research grants. The attackers compromised servers and made the networks inaccessible.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable SHAREit app
Researchers have disclosed proof-of-concept (PoC) code for several vulnerabilities in the SHAREit app that can be abused to expose sensitive user data and allow remote code execution. These flaws can be exploited by malicious applications installed on the targeted user’s device to overwrite files associated with SHAREit.

Faulty Telegram app
A vulnerability in the Telegram messaging app could have exposed users’ secret messages, photos, and videos to remote malicious actors. The issue was discovered in the iOS, Android, and macOS versions of the app. The flaw stemmed from the way the app handled animated stickers.

Apple patches a severe macOS bug
Apple has patched a severe bug in macOS Big Sur that could cause serious data loss. The bug was introduced in Big Sur 11.2 and made its way into the 11.3 data.


Posted on: February 16, 2021
