Cyware Daily Threat Intelligence, January 11, 2021


The ‘big-game hunting’ by ransomware gangs continues with a new extortion tactic coming to light. In an attempt to extort as much money as quickly as possible, the gangs are now targeting top executives’ data to get the full attention of a firm’s management team. The Clop ransomware gang is the first known to have leveraged the tactic to collect millions of dollars from a company.

While the resurgence in ransomware attacks continues, here’s another piece of news that is likely to bring more headaches for security researchers. The source code of the ChastityLock ransomware is now publicly available, which means a next iteration of the ransomware that targets Cellmate devices remains a possibility.

New details regarding the SolarWinds supply chain attack have also surfaced in the past 24 hours. This time, researchers have unearthed similarities between the Sunburst malware and the Kazuar backdoor, which is a creation of the Russian-linked threat actor group Turla.

Top Breaches Reported in the Last 24 Hours

New extortion process
Ransomware groups are prioritizing the theft of data belonging to top executives and managers to pressure companies into approving large ransom payouts. The trend was first adopted by the Clop ransomware gang, which managed to extract a multimillion-dollar ransom from a company.

UN Git repositories exposed
A group of researchers was able to gain access to Git repositories belonging to the United Nations as part of its Vulnerability Disclosure Program. The exposed repositories leaked several user credentials, along with over 100,000 private records of United Nations Environment Programme employees.

Korean app leaks data
More than 1 million private photos belonging to a Korean dating app were leaked due to an unsecured database. The database was exposed online for over a week before it was secured on December 23, 2020.

Central bank breached
New Zealand’s central bank has suffered a data breach after an attacker gained unauthorized access to a third-party file-sharing service used by the bank. While the breach has been contained, the bank confirmed that sensitive and commercial data could potentially have been stolen by the attacker.

Top Malware Reported in the Last 24 Hours

ChastityLock ransomware source code leaked
A researcher has discovered source code for the ChastityLock ransomware exposed in a GitHub repository. The ransomware was observed targeting users of the Bluetooth-controlled Qiui Cellmate chastity device. The researcher warns that threat actors could use the code to launch further attacks against Cellmate devices.

Linking Sunburst with Kazuar
Researchers have found several similarities between the Sunburst malware and the Kazuar backdoor in a recent investigation. The backdoor in question appears to have been used by the Russian-linked threat actor group Turla. The researchers say it is possible that Sunburst was created by the same threat actor group, while noting that other explanations remain.

New backdoors revealed
The investigation of the xHunt campaign has resulted in the discovery of two new backdoors, called TriFive and Snugy. In addition, researchers determined that the BumbleBee web shell and SSH tunnels were used for moving laterally across the compromised networks.

Tags

kazuar backdoor
sunburst malware
chastitylock ransomware
solarwinds
clop ransomware
xhunt campaign

Posted on: January 11, 2021
