Go to listing page

Cyware Daily Threat Intelligence, January 17, 2022

Cyware Daily Threat Intelligence, January 17, 2022

Share Blog Post

Malware targeting Linux devices hit a new high in 2021 as researchers recorded a 35% increase in such attacks. This continues to be a matter of concern for this year too, as threat actors continue to brush up on the features of existing ransomware. Lately, the lesser-known SFile ransomware has been revamped with new modules to target Linux systems. The new variant uses the RSA and AES algorithms to encrypt files during the infection process.

Talking about other ransomware threats, Qlocker ransomware is back in a new wave of attacks targeting QNAP NAS devices. A fake ransomware attack that involves the use of a new malware dubbed WhisperGate is also creating a nuisance by targeting multiple organizations in Ukraine.

Top Breaches Reported in the Last 24 Hours

Hensoldt hit by a ransomware attack
Hensoldt, a multinational defense contractor headquartered in Germany, has been hit by the Lorenz ransomware. The attackers have claimed the attack by disclosing a small part of the files stolen from Hensoldt’s network. Since December 17, 2021, the gang has published 95% of stolen files on its site.

Goodwill hacked
Nonprofit organization Goodwill is notifying its users about a security breach that affected their personal information. The incident occurred after cybercriminals gained unauthorized access by exploiting a vulnerability in the website. Among the compromised information were full names, email addresses, phone numbers, and mailing addresses of users.

UNC1151 deface websites
Dozens of Ukrainian government websites were defaced by the APT group UNC1151. The defaced websites were displayed with messages written in Russian, Ukrainian, and Polish languages. The campaign abused compromised Content Management Systems (CMS) to disseminate fake news.

Top Malware Reported in the Last 24 Hours

Linux variant of SFile ransomware spotted
A new variant of SFile ransomware has been spotted targeting Linux systems worldwide. The ransomware variant uses the RSA and AES algorithms to encrypt files. Additionally, researchers have identified a variant of the ransomware that targeted the FreeBSD platform in an attack against a partially owned state-owned company in China.

Qlocker ransomware returns
A new wave of Qlocker ransomware campaigns has been found targeting QNAP NAS devices worldwide. The campaign started on January 6. After encrypting files, it drops ransom notes named !!!READ_ME.txt on infected devices. The victims are prompted to visit a Tor site for more information on how to make the payment to regain access to their files.

New WhisperGate malware
Microsoft has shared details about new destructive malware attacks targeting multiple organizations in Ukraine. Researchers identified a new malware dubbed WhisperGate that destroys victims’ information by first overwriting the MBR disk and then displaying a fake ransom note. It contains a message urging the victim to send $10,000 to the Tor address site. Researchers believe it to be a work of the DEV-0586 threat actor group.

Top Vulnerabilities Reported in the Last 24 Hours

Plugins affected by a CSRF flaw
Researchers disclosed a serious security flaw affecting three WordPress plugins that impact over 84,000 websites. The cross-site request forgery flaw is tracked as CVE-2022-0215 and rated 8.8 on the CVSS scale. The affected plugins are Login/SignUp Popup, Side Woocommerce, and Waitlist Woocommerce. The developers have addressed the flaw by issuing new versions of the plugins.


sfile ransomware
csrf flaw
whispergate malware

Posted on: January 17, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.