Go to listing page

Cyware Daily Threat Intelligence, February 25, 2021

Cyware Daily Threat Intelligence, February 25, 2021

Share Blog Post

Globally, the threat landscape is constantly evolving as threat actors show no signs of slowing down. Four new hacking groups, named Stibnite, Talonite, Kamacite, and Vanadinite, have been added to the list of threat actors for targeting industrial environments. Though only time will tell about their extent and abilities, for now, researchers claim that the groups are aiming to steal information, spread ransomware, and cause disruption in the OT network.

Throwing light on other threats, the Turkey Dog APT group is using the COVID-19 crisis as bait to deceive Turkish users into downloading Android apps that distribute notorious Cerberus and Anubis trojans. A new campaign has been unwrapped by researchers that involved the use of a malicious Firefox extension to spy on Tibetan communities.

Top Breaches Reported in the Last 24 Hours

Hacking groups target industries
Four new hacking groups have been observed targeting industrial environments. These groups are named by researchers as Stibnite, Talonite, Kamacite, and Vanadinite. Threats from these cybercriminal groups include stealing information, encrypting systems with ransomware, and causing potential disruption against operation technology. 

QuickBooks targeted
Cybercriminals are increasingly targeting QuickBooks in an attempt to deliver malware and exploit the accounting software. The breaches are executed either by sending decoy documents or PowerShell commands via emails. The credentials from QuickBooks databases are later put on sale on the dark web.

Targeting Tibetan
A new campaign aimed at spying on vulnerable Tibetan communities globally has been uncovered by researchers. The attack is attributed to the TA413 threat actor group and involves deploying a malicious Firefox extension on target systems.

Top Malware Reported in the Last 24 Hours

Return of Anubis trojan
Reports of threat campaigns attempting to fool social engineer users into downloading Android apps containing the Cerberus and Anubis banking trojan have surfaced. Attributed to Turkey Dog APT, the campaign uses COVID-19 lures to attract users. The attackers lure visitors into providing free internet packages.   

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable vCenter server targeted
Malicious hackers have started scanning the internet for VMware vCenter servers that are vulnerable to a critical remote code execution vulnerability. The flaw is tracked as CVE-2021-21972 and can be exploited by attackers to execute malicious commands with elevated privileges. Many of these servers are located in the United States, Germany, China, France, and the United Kingdom.

Cisco issues patch
Cisco has issued patches for a critical security flaw affecting its Nexus 3000 Series Switches and Nexus 9000 Series switches. The flaw, tracked as CVE-2021-1388, stems from improper token validation on an API endpoint in Cisco’s ACI MSO. It could allow a remote attacker to bypass authentication. 

Top Scams Reported in the Last 24 Hours

Tax scam
The Internal Revenue Service and Security Summit financial industry partners are warning about scams that are aimed at stealing personal information from taxpayers. The campaign impersonates the IRS and asks recipients for their EFIN or e-File Identification Number and Driver’s License. The emails contain the subject line "Verifying your EFIN before e-filing" and judging from the IRS' warning, appear legitimate. 


vmware vcenter servers
malicious firefox extension

Posted on: February 25, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.