Go to listing page

Cyware Daily Threat Intelligence, February 17, 2022

Cyware Daily Threat Intelligence, February 17, 2022

Share Blog Post

Alert! There’s a new Kraken botnet in the town and let's not confuse it with the one from 2008 as they have nothing in common, apart from their names. Researchers claim that the new Golang-based botnet makes use of SmokeLoader to spread quickly across multiple devices. The current iteration of the botnet is capable of taking screenshots, stealing various cryptocurrency wallets, and collecting information about the host.

There’s also a warning about a newly found phishing threat that can put Blockchain and Defi environments at risk. Tracked as ‘Ice Phishing,’ the attack can allow attackers to obtain the private cryptographic keys for digital wallets. Furthermore, the FBI has asked organizations and individuals to be vigilant following a recent rise in BEC scams.

Top Breaches Reported in the Last 24 Hours

Update on attacks at Red Cross
A new update on the cyberattack at the International Committee of the Red Cross (ICRC) reveals that the hackers had accessed the networks 70 days before the attack. They exploited a critical severity authentication bypass flaw, tracked as CVE-2021-40539, in Zoho’s ManageEngine AdSelfService Plus to breach the network. The attackers had impersonated legitimate users to hide their presence in the environment.

U.S. contractor under attack
A statement released by the CISA reveals that Russian state-sponsored operatives are targeting U.S. cleared defense contractor networks to obtain sensitive information. Some of these attacks have been ongoing for at least six months. According to the agency, threat actors are using tactics such as spear-phishing and brute-force attacks to breach networks.

Top Malware Reported in the Last 24 Hours

New Golang-based Kraken botnet
A newly found Goland-based Kraken botnet is under active development. Different from the one discovered in 2008, the botnet features an array of backdoor capabilities to pilfer sensitive information from compromised Windows hosts. It makes use of SmokeLoader to spread quickly, gaining control over hundreds of devices each time.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco warns about a DoS flaw
Cisco is informing its customers of a DoS vulnerability in its Email Security Appliance (ESA) product. The flaw, tracked as CVE-2022-20653, can be exploited using specially crafted emails. The vulnerability is caused by insufficient error handling in DNS name resolution. Patches and workarounds have been made available.

Top Scams Reported in the Last 24 Hours

Baltimore city scammed
The Office of the Inspect General (OIG) revealed that Baltimore city was duped into sharing hundreds of thousands of dollars last year after cybercriminals posed as a vendor. The fraudsters claimed to be associated with an employee from a vendor and emailed the Mayor’s Office of Children and Family Success (MOCFS) and Baltimore’s Bureau of Accounting and Payroll Services (BAPS) to update the vendor’s EFT remittance information.

FBI warns about a rise in BEC scam
The FBI is warning about the rise in BEC scams against U.S. organizations and individuals. The agency shared that the scammers had lately turned to virtual meeting platforms to match the overall trend of businesses moving to remote work during the pandemic.

Ice Phishing attack
Microsoft has warned about a new Ice Phishing attack that poses a threat to blockchain and Defi networks. This can enable threat actors to obtain private cryptographic keys to access digital wallets.


bec scams
dos vulnerability
international committee of the red cross icrc
ice phishing
kraken botnet
email security appliance esa product

Posted on: February 17, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.