Go to listing page

Cyware Daily Threat Intelligence, February 21, 2022

Cyware Daily Threat Intelligence, February 21, 2022

Share Blog Post

It’s raining decryption keys for ransomware. After the release of master decryption keys for Maze, Egregor, and Sekhmet last week, researchers have made a successful attempt to decrypt files encrypted by Hive ransomware. Gladly, a flaw identified in the encryption algorithm employed by the ransomware has helped researchers retrieve up to 95% of encrypted files.

Talking about new threats observed in the last 24 hours, there’s trouble brewing up for Mac users with the discovery of a new Coinminer. The newly discovered malware sample uses the I2P network to hide its real IP addresses. That’s not all. The operators behind the TrickBot trojan have collaborated with the creators of Ryuk and Conti ransomware strains, which is an indicator for more sophisticated attacks in the future. As ‘Precaution is better than cure,’ organizations can improve the resilience of their infrastructures by taking proactive measures through streamlined actions, processes, and technologies.

Top Breaches Reported in the Last 24 Hours

OpenSea hacked
A hack on the OpenSea platform affected its 32 users. This caused a loss of 254 tokens, which amounted to nearly $1.7 million. While the attack is no more active, it is believed that the affected users might have signed a malicious payload sent by the attack. The attack vector is still unknown.

Update on attacks at IRIB
An investigation into the cyberattack targeting the Islamic Republic of Iran Broadcasting (IRIB) reveals that the attackers had deployed a wiper malware and other custom implants. The incident had occurred in January and disrupted the state’s broadcasting networks.

Monzo customers targeted
Customers of all-digital bank Monzo are being targeted in an SMS-based phishing attack that steals sensitive information from their accounts. The SMS asks the receiver to click on a phishing link to confirm their account by entering their username and password.

Top Malware Reported in the Last 24 Hours

Master key for Hive ransomware retrieved
Researchers have made a successful attempt to leverage a cryptographic vulnerability to retrieve the decryption key for Hive ransomware. The ransomware was first observed in June 2021 and makes use of a variety of initial compromise methods, including vulnerable RDP servers, compromised VPN credentials, and phishing emails with malicious attachments.

New coinminer detected
Researchers spotted a new Coinminer dubbed Coinminer.MacOS.MALXMR.H in early January. The malware has been designed to target macOS machines and uses open-source components, as well as an I2P network to hide its traffic. It is primarily used to mine Monero cryptocurrency.

TrickBot collaborated with Conti
In a new development, the operators of the TrickBot trojan have collaborated with the creators of the Ryuk and Conti ransomware, which has also been thriving amid recent crackdowns. This indicates another survival instinct for Trickbot trojan, which had suffered takedown in October 2020.


opensea platform
islamic republic of iran broadcasting irib
hive ransomware

Posted on: February 21, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.