
Cyware Daily Threat Intelligence, June 07, 2021


It is all about business and no-nonsense for the notorious Evil Corp cybercrime group! The most-wanted Russian hacking group recently rebranded itself as the new PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury. Previously, the gang had mimicked the Hades ransomware to bypass U.S. sanctions.

In another incident, Ukrainian public and private sector firms became the targets of a massive spear-phishing campaign that resulted in the attackers taking full control of some targeted systems. Launched by Russian threat actors, the campaign was carried out by impersonating the Kyiv Patrol Police Department.

A never-before-seen malware targeting Kubernetes clusters has been spotted by researchers. Named Siloscape, the heavily obfuscated malware can launch a backdoor on poorly configured clusters to run malicious code.

Top Breaches Reported in the Last 24 Hours

Spear-phishing attack
Several organizations in the Ukrainian public and private sectors were targeted in a massive spear-phishing attack carried out by Russian threat actors. The attack, which took place last week, was carried out through emails purporting to be from representatives of the Kyiv Patrol Police Department. The emails warned recipients of their failure to pay local taxes.

Nucleus Software affected
Nucleus Software Exports has fallen victim to an Epsilon Red ransomware attack that took down some of its internal networks and encrypted sensitive data. The firm revealed that the breach occurred on May 30. However, it has taken appropriate measures to address the issue.

Top Malware Reported in the Last 24 Hours

New Siloscape malware
Siloscape is the first known malware targeting Kubernetes clusters through Windows containers. This heavily obfuscated malware opens a backdoor into poorly configured clusters to launch malware.

Evil Corp rebrands itself
The Evil Corp cybercrime group has rebranded to PayloadBIN ransomware to evade sanctions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control. Previously, the gang had run its ransomware operations under different names, such as WastedLocker, Hades, and Phoenix, to bypass these sanctions.

Top Vulnerabilities Reported in the Last 24 Hours

Urge to patch VMware
CISA has warned companies running VMware vCenter Server and VMware Cloud Foundation software to deploy patches as soon as possible to prevent cyberattacks. The flaws, tracked as CVE-2021-21985 and CVE-2021-21986, have a severity rating of 9.8 out of 10.

Top Scams Reported in the Last 24 Hours

WhatsApp hijack scam
Scammers are posing as friends and asking for SMS security codes as part of an ongoing WhatsApp hijack scam. The scam has been around for years, yet victims continue to fall for it. WhatsApp has advised users to be cautious and not reveal their OTP or SMS security code to strangers.



Posted on: June 07, 2021
