Go to listing page

Cyware Daily Threat Intelligence, February 26, 2021

Cyware Daily Threat Intelligence, February 26, 2021

Share Blog Post

The notorious Lazarus threat group didn’t waste any time getting up and running for 2021. Researchers have linked the group with a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense sector. The campaign leverages a multi-step approach that begins with specially crafted spear-phishing emails to execute the ThreatNeedle malware.

The emergence of cybercrime-as-a-service schemes is predicted as one of the biggest cybersecurity issues in upcoming years. Nation-state hacking groups are hiring cybercrime groups in an attempt to hide their involvement in attack campaigns. Meanwhile, the new DarkWorld ransomware is an Achilles heel in the cybersecurity world.

Top Breaches Reported in the Last 24 Hours

Emergence of CaaS
A report has warned about the emergence of Cybercrime-as-a-Service (CaaS) schemes among nation-state threat actors. The scheme allows threat actors to work with groups that can carry out attacks for them. The crimes range from executing malicious hacking operations to breaching networks.

Npower suffers an attack
The U.K’s largest energy firm Npower has been forced to deactivate its mobile app after a report of credential stuffing attack against users emerged. Although it’s unclear how many accounts are affected, the data that may have been exposed in the incident include dates of birth, contact details, addresses, and financial information of users.

Top Malware Reported in the Last 24 Hours
New ThreatNeedle malware
An ongoing espionage campaign aimed at the defense industry has been tracked by researchers. Tied to the North Korea-based Lazarus group, the attack involves the use of ThreatNeedle malware which exfiltrates sensitive information. The malware is delivered via COVID-themed emails with malicious Microsoft Word attachments.

New DarkWorld ransomware
Researchers have detected a new DarkWorld ransomware that adds .dark extension to encrypted files. The malware uses the Rijndael algorithm to encrypt files.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable PLCs
Industrial organizations have been warned about a critical authentication bypass vulnerability that can allow hackers to remotely compromise PLCs from Rockwell Automation. Tracked as CVE-2021-22681, the flaw has a CVSS score of 10. The vulnerability impacts Studio 5000 Logix Designer, as well as over a dozen CompactLogix, ControlLogix, DriveLogix, Compact GuardLogix, GuardLogix, and SoftLogix controllers.

SQL triggers backdoors
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin-level user into the infected database whenever the trigger condition is met.


authentication bypass vulnerability
threatneedle malware
cybercrime as a service caas
malicious sql queries

Posted on: February 26, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.