
Cyware Daily Threat Intelligence, January 03, 2023

Financial and insurance services in Europe are under attack by Raspberry Robin (also known as the QNAP worm), which exhibited highly sophisticated anti-analysis tactics in its latest campaign. One of the ways hackers propagated the malware was via fraudulent ads redirecting victims to infected sites. In other news, threat actors are targeting customers of a Colombian cooperative bank with BitRAT in a social engineering attack.

Furthermore, Taiwan-based networking and storage solutions provider Synology warned customers about patches addressing critical vulnerabilities in Synology VPN Plus Server and the Synology Router Manager (SRM).

Top Breaches Reported in the Last 24 Hours

Data of millions exposed in Malaysia
CyberSecurity Malaysia is investigating a massive breach concerning about 13 million individuals in the country. The alleged breach reportedly involved data from the Election Commission, Maybank, and satellite broadcaster Astro. The exposed information may include full names, dates of birth, addresses, usernames, and identity numbers.

Misconfigured server risks 6GB data
A top Enterprise Resource Planning (ERP) software provider in the U.S. was found exposing the personal information of over half a million Indian jobseekers owing to an unprotected Elasticsearch server. All in all, more than 6GB worth of data was available for public access. Researchers noted that the server also exposed the company’s employee data.

Top Malware Reported in the Last 24 Hours

BitRAT operators abuse stolen data
The network of a Colombian cooperative bank was compromised to steal customer data. Now, BitRAT operators have launched a phishing campaign that uses the stolen sensitive data to lure customers into downloading the malware. Notably, security experts found no signs of such information on any dark web or clear web forum.

Raspberry Robin crawls across Europe
Cybercriminals were found infecting Spanish- and Portuguese-speaking organizations with the Raspberry Robin worm. In one instance, hackers downloaded a 7-Zip file from the compromised victim's browser. Hackers also distributed the malware through fraudulent ads on malicious domains.

Top Vulnerabilities Reported in the Last 24 Hours

Bug advisories by Synology
Synology has issued two new vulnerability advisories informing customers about the availability of patches for multiple critical flaws. One of them discusses vulnerabilities in Synology VPN Plus Server and the other one refers to multiple flaws in the Synology Router Manager (SRM).



Posted on: January 03, 2023
