Go to listing page

Cyware Daily Threat Intelligence, March 10, 2022

Cyware Daily Threat Intelligence, March 10, 2022

Share Blog Post

The Emotet trojan is once again exhibiting signs of steady growth since its re-emergence in November 2021. Researchers have lately raised an alarm about the trojan after they found around 130,000 infected devices across 179 countries. The grim fact is that the malware authors have come up with a new version of the trojan that uses Elliptic Curve Cryptography (ECC) as a part of its evasion tactic.

Meanwhile, the notoriety of the Conti ransomware group has come under the spotlight as the CISA shared an alert with IoCs comprising close to 100 domain names. The agency has further highlighted that the attackers have hit more than 1,000 organizations across the world. In separate news, a new threat actor group operating under the umbrella of MuddyWater APT group has been found targeting Turkey and other Asian countries.

Top Breaches Reported in the Last 24 Hours

Turkey and Asian countries targeted
A sub-group of the MuddyWater APT has been found targeting Turkey and some Asian countries. The campaign makes use of malicious documents to deploy downloaders and RATs. In one such attack, the Arabian peninsula was targeted with a RAT called SloughRAT. The trojan is relatively new and attempts to execute arbitrary code and commands received from its C2 servers.

Top Malware Reported in the Last 24 Hours

Raccoon Stealer attack campaign spotted
Researchers came across new attack campaigns distributing Raccoon Stealer. The malware used the Telegram infrastructure to store and update actual C2 addresses. The stealer was distributed via fake game cheats, patches for cracked software, or other software. It is capable of stealing cookies, login credentials, and data from browser plugins.

Disguising malware to infect systems
Cybercriminals are leveraging the ongoing Russia-Ukraine conflict to target Russian entities. They are tricking users into downloading malware that purports to be offensive cyber tools for targeting Russian organizations. In one such instance, a threat actor distributed a stealer malware in the form of a DDoS tool on Telegram that was supposed to be used against Russian websites. The capabilities of the stealer include pilfering credentials and cryptocurrency-related information.

Emotet gets severe
A new report reveals that the Emotet trojan has infected around 130,000 devices across 179 countries, since its re-emergence in November 2021. Additionally, researchers have also found a new version of the trojan that supports new features, such as the use of encryption for network traffic and the separation of the process list into its own module, to avoid detection and analysis.

Conti’s IoCs shared
The CISA has shared a new alert on Conti ransomware’s activities, which also includes details of 98 domain names used in malicious operations. It also revealed that the attackers have targeted more than 1,000 organizations across the world.

Top Vulnerabilities Reported in the Last 24 Hours

Siemens addresses over 90 vulnerabilities
Siemens has released over 15 new advisories for more than 100 vulnerabilities affecting its products. These include 90 security flaws introduced by the use of third-party components. Around three critical flaws and another eight high-severity flaws have been identified in Mendix, COMOS, Simcenter, SIMOTICS, SINEC, RUGGEDCOM, and SINUMERIK products.

 Tags

muddywater apt group
conti ransomware group
emotet trojan
raccoon stealer
siemens

Posted on: March 10, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.