Go to listing page

Cyware Daily Threat Intelligence, March 01, 2022

Cyware Daily Threat Intelligence, March 01, 2022

Share Blog Post

Things get messy when two cybercriminal outfits target one organization simultaneously. Apparently, Conti and Karma ransomware actors were engaged in a dispute to claim an upper hand in an attack targeted at a Canada-based healthcare firm. While Karma ransomware struck first and chose not to encrypt the data after stealing it, Conti, on the other hand, showed no such restraint.

Notably, there’s a new twist in Conti’s tale after a Ukrainian hacker leaked a big chunk of internal messages associated with the ransomware’s operations.

Meanwhile, small-time crooks have begun leveraging the Ukrainian crisis to steal credentials from Microsoft users. So, beware of any phishing emails that prompt you to take immediate action due to suspicious activity detected on your account.

Top Breaches Reported in the Last 24 Hours

Viasat attacked
Satellite communication giant Viasat was hit by a cyberattack that caused an internet outage across Europe. The firm has notified law enforcement agencies and government partners who are currently investigating the incident. Reports suggest that the attack began on February 24 and is ongoing.

Canada healthcare affected
An incident of a dual ransomware attack that affected a Canada-based healthcare organization has been explained by researchers. The incident occurred in December 2021 and was launched by the Karma ransomware gang first and later by the Conti ransomware gang. The attackers had managed to intrude into the victim’s network by exploiting ProxyShell vulnerability.

Axis Communications hit
A Sweden-based security solutions provider, Axis Communications, was hit by a cyberattack that disrupted its operations. The attack involved social engineering and account takeovers, with the attackers managing to bypass the MFA protection layer.

Conti’s internal conversations leaked
A Ukrainian hacker has leaked over 60,000 internal messages belonging to Conti ransomware. The data was leaked by accessing the "ejabberd database" backend for Conti's XMPP chat server. The conversations include gang activities, private data leak URLs, bitcoin addresses, and details about the gang’s operations.

Top Malware Reported in the Last 24 Hours

New Daxin backdoor
A new stealthy backdoor named Daxin has been associated with a China-based hacking group. The malware is designed to give an attacker low-level root privileges on a compromised system. The malware was last used in November 2021 to target critical infrastructure in multiple countries.

New FoxBlade malware
Microsoft revealed that a new malware, dubbed FoxBlade, was used on several networks based in Eastern Europe. The malware was also used in destructive attacks against Ukraine right before the Russian invasion. It is capable of launching DDoS attacks on systems.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed Gerv systems
Six critical vulnerabilities affecting Gerbv, an open-source file viewer for PCB designs, can be exploited to take control of systems. Four of these flaws—tracked as CVE-2021-40391, CVE-2021-40393, CVE-2021-40394, and CVE-2021-40401—have a CVSS score of 10. Two other vulnerabilities are tracked as CVE-2021-40400 and CVE-2021-40402. Both can be exploited via specially crafted Gerber files. While the vendor has issued patches for four flaws, two other flaws remain unpatched.

Top Scams Reported in the Last 24 Hours

Phishing attacks
A spate of phishing emails is being used against Microsoft account users to pilfer their credentials. The attackers are capitalizing on the Ukrainian crisis to spread terror among the recipients. The email asks the victims to log into their accounts as an unusual sign-on activity from Russia has been detected. The subject line of the email includes ‘Report the user.’

 Tags

daxin backdoor
viasat
conti ransomware gang
foxblade malware
axis communications
karma ransomware

Posted on: March 01, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.