Go to listing page

Cyware Daily Threat Intelligence June 22, 2021

Cyware Daily Threat Intelligence June 22, 2021

Share Blog Post

Threats of new malware continue to loom large over the cyberspace. In the past 24 hours, researchers have spotted variants of two notorious malware, namely Agent Tesla and DarkSide ransomware. While the new version of Agent Tesla is being used as a part of a COVID-19 vaccine registration phishing campaign, the new Linux version of DarkSide appears to target VMware virtual machines, despite the gang closing its operations.

A major update on DarkRadiation ransomware, which is still under development, has also come under researchers’ lens. Attackers have started leveraging the ransomware to target Linux and Docker containers. Malicious activities of DirtyMoe have also been reported as security experts reveal that the malware has infected over 100,000 Windows systems.

Top Breaches Reported in the Last 24 Hours

Maximus suffers a breach
A security breach at Maximus, a data manager for the Ohio Department of Medicaid, resulted in the theft of personal data. Attackers had gained unauthorized access to the data in the care for two days. The information exposed included names, dates of birth, and social security numbers of individuals.

Security lapse
The Asia Pacific Network Centre (APNIC) had inadvertently left a portion of its Whois SQL database exposed for three months before it was fixed. The incident occurred during a maintenance operation. Initial investigation has found no evidence of misuse of the information.  

ADATA attacked by Ragnar Locker
Taiwan-based memory and storage manufacturer ADATA has taken its systems offline following an attack by Ragnar Locker ransomware. It is now revealed that the hackers have made more than 700GB of archived stolen data public. ADATA was hit by ransomware on May 23.

RBA’s customers targeted
Approximately 38,000 of RBA’s customers had their embryology data stolen following a ransomware attack. The healthcare facility revealed that the cyberattackers were able to infiltrate its network on April 7.

Top Malware Reported in the Last 24 Hours

New details on DirtyMoe malware
DirtyMoe, known for cryptomining and DDoS attacks, has infected over 100,000 Windows systems, according to researchers. The initial infection process relies on spam emails to lure users to malicious sites hosting an exploit kit named PurpleFox.

New variant of Agent Tesla spotted
A new variant of Agent Tesla RAT has been uncovered in a new phishing email campaign that used COVID-19 vaccination as a lure. The email asks recipients to review an issue with vaccination registration by visiting a malicious link attached within. Once executed, the malware variant collects credentials and other sensitive data.

Linux version of DarkSide 
A Linux version of DarkSide RaaS being promoted in the XSS hacking forum is now targeting ESXi servers. Written in C++, the malware collects the information before encrypting the files using Chacha20 and RSA 4096 algorithms.

DarkRadiation finds its target
A newly discovered DarkRadiation ransomware has been found targeting Linux and Docker cloud containers, while banking on Telegram messaging service for C2 communications. Said to be under development, the ransomware leverages several obfuscation tactics, one of them including the use of ‘node-bash-obfuscate’ open-source tool.

Cryptojacking attack
Six malicious packages discovered in the PyPI repository for Python projects turned developers’ workstations into cryptomining machines. These packages, traced as maratlib, maratlib 1, matplatlib-plus, mllearnlib, mplatlib, and learninglib, infiltrated PyPI in April.

Top Vulnerabilities Reported in the Last 24 Hours

Chromium XSS flaw
The Chromium team has patched a 2.5 year-old flaw that can lead to cross-site scripting attacks on web pages. It can even allow attackers to bypass Content Security Policy (CSP) on the web page. The flaw was discovered in 2018, the PoC for which was released by a researcher. 

Tor Project fixes vulnerabilities
The Tor Project has released Tor Browser 10.0.18 to fix numerous vulnerabilities. One of these flaws could allow sites to track users through the applications installed on their devices.

 Tags

agent tesla rat
adata
darkside ransomware
dirtymoe malware
darkradiation ransomware

Posted on: June 22, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.