Cyware Daily Threat Intelligence, June 10, 2021

Another data heist that went under the radar for years has come to light. Apparently, this is the work of a new malware that is yet to be named by researchers. The mysterious malware has been around for two years, stealing around 1.2 terabytes of data from 3.2 million Windows systems. The notable aspect of the malware is that it spreads via trojanized Adobe Photoshop software, pirated games, and Windows cracking tools.

A lesser-known APT group, Gelsemium, has emerged from the shadows to launch more cyberespionage attacks against public and private sector organizations located in East Asia and the Middle East. It is using a new version of a complex and modular malware that goes by the same name.

Meanwhile, the widely used TLS protocol is impacted by a newly found vulnerability dubbed ALPACA, short for Application Layer Protocol Confusion, that allows the theft of session cookies and enables cross-site scripting attacks.

Top Breaches Reported in the Last 24 Hours

JBS pays ransom
The world’s largest meat processor, JBS Foods, has paid a ransom of $11 million in Bitcoin to the DarkSide ransomware operators to recover from the recent attack. The company said it took the decision to protect its data from the risk of being exposed. The attack had forced the company to shut down all its operations last week.

New attack campaigns detected
Researchers believe that a threat group dubbed Gelsemium is behind the supply-chain attack against BigNox that was previously reported as Operation NightScout. Numerous versions of the malware that goes by the same name are also attributed to the group. Currently, the group is associated with new campaigns carried out against governments and electronics manufacturers located in East Asia and the Middle East.

Top Malware Reported in the Last 24 Hours

Mysterious malware discovered
An unnamed malware that spreads via trojanized Adobe Photoshop versions, pirated games, and Windows cracking tools is involved in a huge data heist, with data lifted from 3.2 million Windows computers. The stolen information includes 6.6 million files, 26 million credentials, and 2 billion web login cookies. The data belongs to social media, online marketplaces, job-search sites, gaming sites, financial services, email, and more.

Top Vulnerabilities Reported in the Last 24 Hours

New ALPACA vulnerability
Academics from three German universities have found a new vulnerability in the Transport Layer Security (TLS) protocol that allows the theft of session cookies and enables cross-site scripting attacks. Dubbed ALPACA (Application Layer Protocol Confusion), the vulnerability has been successfully exploited at a major Bitcoin exchange website and the Government of India’s webmail service.

A fault in Cisco Smart Install protocol
Cisco’s Smart Install protocol is still being abused in attacks, five years after the networking giant issued its first warning. The report suggests that roughly 18,000 devices are still exposed due to the fault in the protocol.

DoS vulnerabilities
Organizations have been warned about DoS vulnerabilities found in three widely used open-source message brokers: RabbitMQ, EMQ X, and VerneMQ. The vulnerabilities are tracked as CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176. The flaws were patched in March, April, and May respectively.

Top Scams Reported in the Last 24 Hours

Impersonating construction companies
The FBI has warned private companies of scammers impersonating construction companies in BEC attacks that target organizations in multiple critical infrastructure sectors in the U.S. To pull off these attacks, the scammers use information about construction companies collected via online services. The harvested information allows them to custom-tailor emails designed to exploit the business relationships between the victims and the construction contractors.


Posted on: June 10, 2021