New HermeticWiper malware and details of previously undocumented Cyclops Blink malware have surfaced in the last 24 hours, and both the incidents are attributed to Russian threat actors. While the newly found wiper malware is being used aggressively against Windows machines in Ukraine, the advanced Cyclops Blink malware has been found infecting firewall devices worldwide since June 2019.
Meanwhile, researchers are sensing new sophisticated attacks by TrickBot as they explore active C2 infrastructures tied to the trojan, serving malicious plugins and web injects. Additionally, a new malware dubbed Electron Bot is actively targeting gamers across Sweden, Bulgaria, Russia, Bermuda, and Spain.
Top Breaches Reported in the Last 24 Hours
Hackers selling network access
A new report reveals that hackers are selling access to networks of high-profile organizations for a price of $1500. Most of these are related to academic, government, and technology entities based in the U.S. With access to these networks, attackers can move laterally, conduct espionage and even deploy ransomware.
Top Malware Reported in the Last 24 Hours
New Cyclops Blink malware
The U.S. CISA, along with the FBI, NSA, and U.K. NCSC, has issued an advisory detailing new tools and tactics of the Russia-based SandWorm APT group. One of the important aspects is the discovery of a new Cyclops Blink malware that is believed to be a replacement for the VPNFilter botnet that compromised over 500,000 devices. The newly found malware has been active since June 2019.
New HermeticWiper malware
A newly found HermeticWiper malware has been observed targeting multiple organizations in Ukraine. The malware is being used against Windows devices. It deletes shadow copies and manipulates MBR after rebooting. In another instance, several websites of Ukraine’s defense, foreign and interior ministries were unreachable following a DDoS attack on February 23.
New Electron Bot
A new malware, dubbed Electron Bot, has been found infecting over 5,000 machines worldwide. The malware is mainly distributed via gaming applications on Microsoft’s Official Store. It is capable of taking control of social media accounts on Facebook, Google, and Sound Cloud. The malware uses the Electron framework to imitate human browsing behavior and evade website protections.
Update on TrickBot
Researchers have observed that the C2 infrastructures used by the TrickBot trojan are still active in spite of no new attacks being detected since January 2022. The last set of attacks involving trojan was registered in December 2021.
Top Vulnerabilities Reported in the Last 24 Hours
Flawed Accusoft ImageGear
Researchers discovered multiple vulnerabilities in Accusoft ImageGear that could lead to code execution. Some of these flaws are tracked as CVE-2021-21914, CVE-2021-21938, CVE-2021-21939, CVE-2021-21914, CVE-2021-21942, CVE-2021-21943, CVE-2021-21943, and CVE-2021-944, and CVE-2021-21945. Accusoft is yet to issue patches for these flaws.