
Cyware Daily Threat Intelligence, January 14, 2022


With millions of dollars in Bitcoin and other digital coins being stolen by cybercriminals, many victims worldwide are left in limbo. Lately, researchers have made an eye-opening revelation about North Korean threat actors who made almost $400 million in cryptocurrency by hacking nearly seven companies over the course of 2021. One of these attacks was pulled off by the BlueNoroff threat group using a fake version of the Metamask Chrome extension.

In other news, GootLoader operators are poisoning WordPress sites globally in an attempt to infect organizations with ransomware and other malware. The attack campaign has so far targeted three law firms and one accounting firm.


Top Breaches Reported in the Last 24 Hours

North Korean hackers steal $400 million
In a new finding, researchers revealed that North Korean hackers made almost $400 million in cryptocurrency over the course of 2021. The hackers managed to steal the amount by hacking seven companies. One of these hacks was pulled off by a group named BlueNoroff using a fake version of the Metamask Chrome extension.

Phishing against Office 365 and Gmail users
Threat actors are leveraging Adobe Creative Cloud to target Office 365 and Gmail users in a new phishing campaign. In this campaign, the attackers email an Office 365 or Gmail user a malicious link to an image or PDF file. These links, which appear to come from Adobe Cloud Suite, redirect users to a phishing site that steals their credentials.
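The attack described above works because the link the user sees belongs to one brand while the page it finally lands on belongs to another. The following triage helper is an added example, not code from Cyware or from the researchers who reported the campaign; it resolves a link through a constructed redirect table (standing in for live HTTP Location headers) and flags any link whose final host is not under the domains expected for the brand it claims. All hostnames, the redirect table, and the brand-to-domain mapping are placeholders invented for the example.

```python
from urllib.parse import urlparse

# Constructed redirect table standing in for live HTTP responses:
# maps a URL to the Location it answers with (None = final page).
REDIRECTS = {
    "https://share.cloud-suite.example/file/abc123": "https://login-verify.example.net/o365",
    "https://login-verify.example.net/o365": None,
    "https://share.cloud-suite.example/file/def456": None,
    "https://loop.example/a": "https://loop.example/b",   # constructed redirect loop
    "https://loop.example/b": "https://loop.example/a",
}

# Domains a genuine link for this brand is expected to end up on.
# Placeholder values; in practice populate from the vendor's real domains.
BRAND_DOMAINS = {"adobe-share": ("cloud-suite.example",)}


def host_in_domain(host, domain):
    """True if host is domain itself or a subdomain of it.

    A plain endswith() would accept 'evilcloud-suite.example' for
    'cloud-suite.example'; requiring the dot boundary avoids that.
    """
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def resolve_chain(url, redirects=REDIRECTS, max_hops=10):
    """Follow redirects; return (chain, terminated). URLs absent from the
    table are treated as final pages."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        nxt = redirects.get(chain[-1])
        if nxt is None:
            return chain, True
        if nxt in seen:
            return chain, False      # redirect loop
        chain.append(nxt)
        seen.add(nxt)
    return chain, False              # too many hops to trust


def triage_link(url, brand, redirects=REDIRECTS):
    """Classify a link by comparing its landing host with the claimed brand."""
    chain, terminated = resolve_chain(url, redirects)
    final_host = urlparse(chain[-1]).hostname or ""
    if not terminated:
        verdict = "unresolved"
    elif any(host_in_domain(final_host, d) for d in BRAND_DOMAINS[brand]):
        verdict = "ok"
    else:
        verdict = "suspicious"
    return {"chain": chain, "final_host": final_host, "verdict": verdict}


if __name__ == "__main__":
    for link in REDIRECTS:
        print(triage_link(link, "adobe-share"))
```

An unresolved chain (loop or too many hops) is reported separately rather than silently passed, since a link that cannot be resolved to a landing page should not be treated as safe.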

Top Malware Reported in the Last 24 Hours

New GootLoader campaign spotted
A new GootLoader campaign hijacks WordPress sites to lure professionals to download malicious sample contract templates. The campaign has so far targeted three law firms and one accounting firm. As a part of the infection chain, the attackers also leveraged Google’s SEO algorithm to get their malicious sites and downloads to the top of keyword search results. The malicious templates used against law firms were named ‘Post Nuptial Agreement,’ ‘Model IP Agreement,’ and ‘Olympus Plea Agreement.’

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches Contact Center Products
Cisco announced patches for a critical vulnerability in its Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM). Tracked as CVE-2022-20658, the flaw could be exploited remotely to elevate privileges to administrator. The security flaw has been addressed with the release of Unified CCMP/Unified CCDM versions 11.6.1 ES17, 12.0.1 ES5, and 12.5.1 ES5.
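A practical follow-up to an advisory like this is checking whether a deployed build already carries the fix. The helper below is an added example, not Cisco's code or tooling: it parses version strings in the "12.0.1 ES5" form quoted above and compares them against the fixed releases listed for CVE-2022-20658. It assumes that ES (engineering special) numbers increase monotonically within a release branch, so any ES at or above the listed one counts as fixed, and it reports branches the summary does not mention as unknown rather than guessing.

```python
import re

# Fixed releases for CVE-2022-20658 as listed in the advisory summary:
# branch (major, minor, patch) -> first ES level that carries the fix.
FIXED_ES = {
    (11, 6, 1): 17,
    (12, 0, 1): 5,
    (12, 5, 1): 5,
}

# Accepts "12.0.1 ES5", "12.0.1 es 5", or a bare "12.0.1" (treated as ES0).
# Assumption: Cisco's ES numbering is monotonic within a branch.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*ES\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), es) or raise ValueError."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Unified CCMP/CCDM version: {text!r}")
    major, minor, patch, es = m.groups()
    return (int(major), int(minor), int(patch)), (int(es) if es is not None else 0)


def patch_status(text, fixed=FIXED_ES):
    """'fixed', 'vulnerable', or 'unknown' (branch not covered by the summary)."""
    branch, es = parse_version(text)
    fixed_es = fixed.get(branch)
    if fixed_es is None:
        return "unknown"
    return "fixed" if es >= fixed_es else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory of installed builds.
    for build in ["12.0.1 ES5", "12.0.1 ES4", "11.6.1", "12.5.1 es6", "11.5.1 ES3"]:
        print(f"{build:12} -> {patch_status(build)}")
```

Returning "unknown" for an unlisted branch is deliberate: a build outside the advisory's fixed releases needs a human to consult the full advisory, and silently calling it fixed or vulnerable would be a guess.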

Amazon fixes multiple flaws
Amazon has fixed multiple critical zero-day vulnerabilities affecting its AWS Cloud. One of these flaws, dubbed Superglue, could be abused by attackers to access users’ data in the AWS Glue service. Another flaw exists in AWS CloudFormation and could have been used to leak sensitive files.


Posted on: January 14, 2022

