
Cyware Daily Threat Intelligence, June 17, 2021

A threat actor has resurfaced after a two-month hiatus, this time with a different purpose. Politically motivated Molerats hackers, aka TA402, have targeted government institutions in the Middle East to steal confidential data. The latest wave of attacks is launched via spear-phishing emails containing PDF attachments that drop customized LastConn malware.

Another major blow comes in the shape of malicious activities by Ferocious Kitten that went undetected for many years. The previously undiscovered evasive tactics used by the threat actors have now been put forth. This Iranian hacking group targeted the Psiphon and Telegram apps to install a trojan capable of stealing sensitive information.

As DarkSide ransomware continues to stride ahead with its malicious intentions, here’s another update that should be taken note of by organizations. It has been found that one of the affiliates of the ransomware gang, tracked as UNC2465, has shifted its focus to software supply chain attacks.

Top Breaches Reported in the Last 24 Hours

Polish entities targeted
Individuals and institutions in Poland were targeted in a series of cyberattacks, stated the country’s parliament. The incident is believed to have occurred last year and local law enforcement agencies are still investigating the attacks.

Leaky Amazon AWS
Around 20GB of confidential files containing personal information of retail customers were exposed due to an unprotected Amazon AWS bucket. These files included the full names, physical addresses, purchase details, phone numbers, and email addresses of users. The oldest orders dated back to 2019.

CVS Health record disclosed
An online database belonging to CVS Health had disclosed over a billion records following a misconfiguration issue. It contained 204GB of data, including production records of visitor IDs, session IDs, and device access information, among others.

Top Malware Reported in the Last 24 Hours

New Bash ransomware
DarkRadiation is new ransomware designed to target RedHat and CentOS Linux distributions. Currently, it is under development. However, early research shows that the ransomware includes Telegram for C2 communication.

Molerats hackers are back
A cyberespionage campaign targeting government agencies in the Middle East has been linked with the TA402 threat actor group, also called Molerats and GazaHacker. The campaign is initiated via spear-phishing emails containing PDF attachments that drop customized LastConn malware. The password-protected PDFs and the geofenced delivery methods helped threat actors to bypass automatic analysis products.

New Matanbuchus Loader
A new malware-as-a-service called Matanbuchus Loader is being sold on dark web markets and Telegram channels. The malware is capable of dropping second-stage malware payloads from C2 infrastructures.

Top Vulnerabilities Reported in the Last 24 Hours

Security flaw in 2G data encryption
A flaw discovered in an encryption algorithm used by 2G cell phones may have allowed attackers to eavesdrop on some network traffic for more than two decades. The vulnerability exists in the GEA-1 algorithm, which was meant to be obsolete in 2013, but researchers say they found it in some current Android and iOS smartphones.

Top Scams Reported in the Last 24 Hours

Ledger users targeted
Scammers are sending fake replacement devices to Ledger customers affected in a recent data breach to steal from their cryptocurrency wallets. Disclosing details of the scam, a Reddit user claimed that the packet was sent with a letter filled with grammatical errors. Although the device looked legitimate, the printed circuit board was modified.

Posted on: June 17, 2021

