Go to listing page

Cyware Daily Threat Intelligence, February 23, 2022

Cyware Daily Threat Intelligence, February 23, 2022

Share Blog Post

Cyberattacks against PLC systems, ICS devices, and OT networks are increasing in volume and variety as nefarious activities of three new cybercriminal outfits have come under the scanner of researchers. Tracked as Kostovite, Petrovite, and Erythrite, these new groups are actively targeting organizations in the energy sector to gain direct access to the firms’ infrastructure, move laterally, and steal data.

A unique covert hacking tool used by the Equation Group threat actors has also been unraveled by security experts. Dubbed Bvp47, the malicious implant sports a two-way communication mechanism to exfiltrate sensitive data. Furthermore, in a major revelation, researchers have 
unearthed similarities between the Dridex trojan and a little-known ransomware called Entropy.

Top Breaches Reported in the Last 24 Hours

Asustor NAS devices hit
Owners of Asustor NAS devices were left without access to their devices owing to an attack by DeadBolt ransomware. The victims were asked to pay a ransom of 0.03 Bitcoin to receive the decryption key.

Top Malware Reported in the Last 24 Hours

25 malicious npm packages
Researchers detected around 25 malicious npm packages, 17 of which were designed to steal Discord tokens. If attackers got access to these tokens, they could use them to infiltrate a victim’s account and hijack Discord servers. The researchers also noted that many of the packages masqueraded as the colors.js npm package.

Update on Dridex trojan
In a new update, researchers have found similarities between the prominent Dridex trojan and a little-known Entropy ransomware. The similarities are in the software packer used to conceal the ransomware code, in the obfuscation commands, and in the subroutines used to decrypt encrypted text.

Top Vulnerabilities Reported in the Last 24 Hours

An unpatched flaw in Webmail
A nine-year-old unpatched security vulnerability in Horde Webmail could be abused to gain complete access to email accounts. This could give the attackers access to all sensitive information stored in the victim’s email account. This cross-site scripting flaw is triggered when a targeted user views an attached OpenOffice document in the browser.

Critical vulnerabilities in Extensis Portfolio
Several critical vulnerabilities, including a zero-day flaw, have been identified in Extensis Portfolio. Five of these flaws have received patches and are tracked as CVE-2022-2451, CVE-2022, 24255, CVE-2022-24252, CVE-2022-24254, and CVE-2022-24253. The zero-day flaw is yet to be addressed by the vendor.

CISA warns about flaws in Zabbix tool
The CISA has added two critical Zabbix flaws to its Known Exploited Vulnerabilities catalog. These flaws are tracked as CVE-2022-23131 and CVE-2022-23134. They can be exploited to bypass authentication and gain administrator privileges, which further could allow the execution of code remotely.

 Tags

kostovite
zabbix tool
erythrite
equation group threat actors
horde webmail
petrovite

Posted on: February 24, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.