
Cyware Daily Threat Intelligence, March 03, 2021


What's old is new again! An instance of malware code reuse has caught the attention of researchers. They have found that the QNAPCrypt ransomware, known for targeting Linux-based systems, is a recycled version of the SunCrypt ransomware; the two share similarities in their file encryption routines.

In other news, Microsoft has issued an emergency release patching four Exchange Server zero-day flaws exploited by the China-based HAFNIUM threat actor group. Google has also released fixes for 37 vulnerabilities, including issues in kernel components, Qualcomm components, and Qualcomm closed-source components.

Top Breaches Reported in the Last 24 Hours

Malaysia Airlines discloses a breach
Malaysia Airlines has disclosed details of a data breach that spanned nine years and compromised the personal information of members of its Enrich frequent flyer program. The breach occurred at a third-party IT service provider, and member data was exposed online between March 2010 and June 2019.

PrismHR suffers an attack
Payroll giant PrismHR has likely suffered an outage caused by a ransomware attack, disrupting service to its 200 PEO clients across the country. The firm is working on bringing the affected system back online.

Updates on attacks on Perl.com
The Perl.com domain hijack was reported in January 2021, but the latest update states that the attack actually took place months earlier, in September. The attackers compromised the domain in an attempt to launch malware campaigns.

Ringostat’s data leak
An Elasticsearch database belonging to the phone-tracking service Ringostat leaked millions of phone numbers, call recordings, metadata, and call logs. In total, the database exposed over 800 GB of user data.

CallX’s cloud-config error
The U.S. telemarketing company CallX has leaked the personal details of tens of thousands of consumers through a misconfigured cloud storage bucket. The exposed data included full names, home addresses, and phone numbers.

Top Malware Reported in the Last 24 Hours

SunCrypt related to QNAPCrypt
New research reveals that the SunCrypt ransomware shares similarities with the QNAPCrypt ransomware, which targets Linux-based file storage systems. The investigation found that QNAPCrypt and an early version of SunCrypt share identical code logic for file encryption. Both ransomware families abort the encryption process if they detect that they are running on systems located in Belarus, Russia, or Ukraine.

16Shop kit's new addition
The 16Shop phishing kit has been enhanced with another module that steals data and compromises Cash App user accounts. This enables fraudsters to target a number of banks accessible through the app while stealing users' financial information and account credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches 4 zero-day flaws
Microsoft has released emergency patches to address four zero-day flaws in Exchange Server that are being actively exploited by a new Chinese state-sponsored threat actor group, HAFNIUM. The flaws are tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The impacted products are Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019.

Google patches 37 vulnerabilities
Google has issued patches for 37 vulnerabilities as part of the Android security updates for March 2021. These include a fix for a critical flaw tracked as CVE-2021-0397, which affects the Android 8.1, 9, 10, and 11 releases and could allow an attacker to execute code remotely on a vulnerable device. Other affected areas include kernel components, Qualcomm components, and Qualcomm closed-source components.


Posted on: March 03, 2021
