Go to listing page

Cyware Daily Threat Intelligence, January 31, 2022

Cyware Daily Threat Intelligence, January 31, 2022

Share Blog Post

The success rate of decade-old spear-phishing tactics is one of the reasons that it remains a go-to attack vector for cybercriminals. In a new finding, several Turkish government entities have fallen victim to a sophisticated spear-phishing attack that was launched by the MuddyWater APT group. The campaign has been active since November 2021. In another worrisome situation, tIn another worrisome situation, experts associated the Shuckworm APT group with the recent barrage of cyberattacks targeting a number of organizations in Ukraine.

A case of a misconfigured AWS instance also came under the scanner of researchers in the last 24 hours. The unprotected server in question exposed 3TB of sensitive data belonging to airport employees across Colombia and Peru.

Top Breaches Reported in the Last 24 Hours

Advocates suffers a data breach
Advocates, a nonprofit organization based in Massachusetts, notified approximately 68,000 of its customers about a security breach that occurred in September 2021. The incident resulted in the exfiltration of personal data such as names, contact details, Social Security Numbers, dates of birth, client identification numbers, and health insurance information of individuals.

Shuckworm group targets Ukraine
The Russian-linked Shuckworm threat actor group has been associated with a series of cyberattacks against the targets in Ukraine. The group is known to use phishing emails to distribute freely available remote access tools or customized malware called Pterodo to targets.

Vulnerable DCIM instances
Over 20,000 instances of Data Center Infrastructure Management (DCIM) software could have been exposed to a range of catastrophic attacks. According to researchers, some of these instances used default passwords or outdated ones. Attackers could have leveraged these instances to change temperature and humidity thresholds, configure voltage parameters to dangerous levels, or create false alarms.

3TB of personal data exposed
An unsecured AWS server belonging to Securitas has exposed 3TB of sensitive data belonging to airport employees across Colombia and Peru. This included data from four airports: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). The data dated back to 2018 and contained names, photos, occupations, and national ID numbers of employees.

Turkish government entities targeted
A cyberespionage campaign targeting the Turkish government entities has been active since November 2021. Attributed to the MuddyWater APT group, the campaign involves the use of malicious PDFs and Microsoft Office documents to serve as the initial infection vector. These malicious docs appeared to be from the Turkish Health and Interior Ministries.

Top Vulnerabilities Reported in the Last 24 Hours

macOS vulnerabilities patched
Multiple macOS vulnerabilities discovered by researchers could allow threat actors to access users’ online accounts, microphones, and webcams. The issues exist in iCloud Sharing and Safari 15 and can be abused to hack users’ iCloud, PayPal, Facebook, and Gmail. Apple has issued patches for these vulnerabilities in early 2022.

SureMDM vulnerabilities detected
A series of vulnerabilities discovered in 42Gears’ SureMDM device management products could have exposed companies to supply chain attacks. Some of these flaws affected 42Gears web consoles. Threat actors can abuse these vulnerabilities to disable security tools and install malware onto Linux, macOS, or Android devices with SureMDM installed.


shuckworm apt group
suremdm vulnerabilities
muddywater apt

Posted on: January 31, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.