
Cyware Daily Threat Intelligence, January 04, 2021


The scope of the SolarWinds supply chain attack continues to blow security experts’ minds as new details emerge. In a new update, Microsoft has confirmed that the hackers behind the attack used a compromised account to view source code from its internal repositories. The attack, discovered in early December 2020, affected several U.S. government departments and private organizations.

This doesn’t end here. In another investigation, it has been found that the China-based APT27 threat actor group has turned to ransomware to wreak havoc on at least five companies in the online gambling sector. The BitLocker tool, the Clambling backdoor, and the PlugX RAT were also used as part of the attack campaign.

Top Breaches Reported in the Last 24 Hours

Over 200 million records on sale
Over 200 million records related to Chinese citizens have been put on sale on a Russian dark web forum. The exposed data includes ID, gender, name, birth date, mobile number, address, and code numbers of citizens. Researchers claim that the data might have been stolen from multiple popular Chinese services, including Gongan, County, Weibo, and QQ.

Windows Core Polaris code leaked
Microsoft’s unreleased Windows Core Polaris OS was reportedly leaked online. However, the good news is that the leak consisted of a very early build from 2018 and contained no shell or apps.

New update on SolarWinds
Microsoft has issued an update confirming that it traced a compromised account that had been used to “view source code” in its internal repositories. However, it stated that viewing source code is not tied to an elevation of risk.

Top Malware Reported in the Last 24 Hours

APT27 turns to ransomware
In an extended investigation, security researchers have found that the China-based APT27 threat actor group is behind ransomware attacks that targeted at least five companies in the online gambling sector. For this, the attackers relied on the BitLocker encryption tool and the Clambling backdoor, a malware sample similar to the one used in the DRBControl campaign. Other malware found in the attack campaign includes the PlugX RAT.

Top Scams Reported in the Last 24 Hours

PayPal phishing scam
An ongoing smishing campaign is targeting PayPal users in an attempt to steal their account credentials and other sensitive information. The text message warns recipients that their accounts have been permanently limited and that they need to verify the account by clicking on a link. The link takes victims to a phishing page that prompts them to enter their credentials. The phishing page then goes a step further and asks for details such as name, date of birth, address, and bank details, among others.


Posted on: January 04, 2021