
Cyware Daily Threat Intelligence, January 04, 2022



The fact that cybercriminals see no boundaries has intensified the impact of cybercrime. While the whole world was celebrating the holiday season, the Konni APT group had its own way to treat itself. It was found targeting some diplomats via a phishing email that distributed Konni RAT. A disturbing digital skimming attack that infected over 100 websites of a real estate company has also come to light in the past 24 hours. The skimmer malware was designed to gather users’ personal information and credit card details.

Telegram users! Here’s an important warning for you. Attackers are riding on the popularity of this messaging platform to infect your systems with the Purple Fox rootkit. So, make sure that you are downloading the official Telegram desktop installer to protect yourself.

Top Breaches Reported in the Last 24 Hours

Broward Health notifies about data breach
The Broward Health hospital system notified more than 1.3 million patients and staff members about a data breach that affected their personal data. The incident took place in October 2021 and the compromised data included names, addresses, phone numbers, social security numbers, and bank account information of individuals.

Konni APT bats against Russian diplomats
A cyberespionage campaign linked to the Konni threat group targeted Russian embassy diplomats over the New Year holiday. The campaign, active since December 20, 2021, was propagated via phishing emails that used the New Year’s Eve 2022 festivities as a decoy theme. The emails distributed Konni RAT.

U.K.’s Ministry of Defence attacked
A training academy of the U.K. Ministry of Defence (MoD) suffered a cyberattack last year. This affected several IT systems that are still under development. An investigation has been launched and the National Cyber Security Centre (NCSC) has been made aware of the attack.

Top Malware Reported in the Last 24 Hours

Purple Fox launched via fake Telegram
A fake Telegram for Desktop installer distributed the Purple Fox rootkit to further infect the devices with malicious payloads. Impersonating legitimate software to drop malware is a trick attackers use to stay under the radar.

Skimmer code infects 100 websites
More than 100 real estate websites belonging to the same parent company were infected with web skimmer malware via a cloud video platform. The skimmer was designed to gather users’ personal information and credit card details.

Top Vulnerabilities Reported in the Last 24 Hours

DoorLock flaw
A potential security flaw, dubbed doorLock, found in HomeKit can be exploited to launch DoS attacks against iPhones and iPads. The vulnerability can be triggered by sending a malicious application to targeted users’ devices. It impacts devices running iOS and iPadOS versions between 14.7 and 15.2.

Web cache poisoning flaws
In extensive research, a security researcher has highlighted the discovery of 70 web cache poisoning vulnerabilities impacting several websites and servers. Some of the affected servers include Apache, GitHub, GitLab, HackerOne, and Cloudflare.



Posted on: January 04, 2022
