Cyware Daily Threat Intelligence, March 14, 2022

Escalating ransomware attacks are taking a toll on organizations. Lately, two automotive giants, Bridgestone Americas and Denso, confirmed being targeted by the LockBit 2.0 and Pandora ransomware groups, respectively. While Bridgestone Americas is still ascertaining how much data the LockBit gang stole, Denso had around 1.4TB of data pilfered by Pandora.

In separate news, fresh evidence reveals that Shamoon and Kwampirs malware are maintained by the same threat actor group. There is an overlap of source code and techniques between the two malware families, which are widely used to target the healthcare industry and supply chains. Furthermore, the lesser-known Aberebot Android banking trojan has been rebranded as Escobar to harvest victims’ banking account credentials.

Top Breaches Reported in the Last 24 Hours

LockBit targets Bridgestone Americas
The networks of Bridgestone Americas have been compromised in a LockBit ransomware attack. Claiming responsibility for the attack, the threat actors plan to release the stolen data by March 15 if the company refuses to pay the ransom. Meanwhile, the firm is investigating the extent of the attack.

Denso targeted
Automotive giant Denso has confirmed a cyberattack by Pandora ransomware. While the incident is under investigation, the attackers revealed that they have stolen 1.4TB of data from the firm. This includes a purchase order, a technical component document, and a sales file.

Top Malware Reported in the Last 24 Hours

RedLine stealer is back
Researchers have identified a new RedLine stealer campaign that uses Valorant cheat lures to trick players into downloading the malware. The campaign uses YouTube to disseminate these fake cheat tools to the Valorant gaming community.

Email templates spread Lampion trojan
The operators behind the Lampion trojan continue to use fake email templates impersonating banking organizations in Portugal to distribute the malware. The TTPs and capabilities remain the same as those observed in 2019, and the C2 server, geolocated in Russia, is the same one seen in campaigns since 2020.

Shamoon linked to Kwampirs
New findings show an overlap of source code and techniques between Shamoon and Kwampirs, indicating that the same group, or closely collaborating groups, is behind both malware families. The similarities include functionality to retrieve system metadata, fetch the MAC address and the victim's keyboard layout information, and use the same InternetOpenW Windows API to craft HTTP requests.

New variant of Maxtrilha trojan spotted
A new variant of the Maxtrilha trojan has been found impacting users in Portugal since last month. The campaign leverages phishing emails impersonating Portuguese tax services. The malware variant is capable of recording keystrokes, stealing sensitive information, and capturing screenshots.

Aberebot rebranded
The Aberebot Android banking trojan has returned as Escobar to target users. It includes several new capabilities, such as stealing Google Authenticator MFA codes, recording audio, taking photos, and harvesting victims’ bank account credentials.

Top Vulnerabilities Reported in the Last 24 Hours

New security flaw in Linux kernel
A new security flaw in the Linux kernel can allow attackers to gain elevated privileges on vulnerable systems and subsequently execute arbitrary code. Tracked as CVE-2022-25636, the flaw impacts Linux kernel versions from 5.4 to 5.6.10. It is a heap out-of-bounds write issue in the Netfilter subcomponent of the kernel.
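The version range above is the first thing a defender wants to screen a fleet against. The following script is an added illustration, not code from Cyware or from the kernel project: it parses `uname -r` style release strings, compares them against the 5.4 to 5.6.10 range the briefing gives for CVE-2022-25636, and lists the hosts that fall inside it. The host inventory is constructed sample data, and the range bounds are taken from the text above rather than verified independently.

```python
"""Screen kernel release strings against the CVE-2022-25636 range
(5.4 through 5.6.10, as stated in the briefing).

Added illustration only. Assumptions: release strings look like the
output of `uname -r` (e.g. "5.4.0-104-generic"); the affected range is
the one quoted in the briefing. Distributions backport fixes without
changing the upstream version number, so a match here is a reason to
check the distro advisory, not proof of exposure.
"""
import re
from typing import Dict, List, Tuple

# Bounds quoted in the briefing (inclusive on both ends).
AFFECTED_MIN: Tuple[int, int, int] = (5, 4, 0)
AFFECTED_MAX: Tuple[int, int, int] = (5, 6, 10)

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_release(release: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) from a uname -r style string.

    Distro suffixes such as "-104-generic", ".el8_5.x86_64" or "-rc1"
    are ignored; a missing patch level is treated as 0.
    """
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def in_affected_range(release: str) -> bool:
    """True if the upstream version lies within the quoted range."""
    version = parse_kernel_release(release)
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def screen_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose kernel matches the range.

    `inventory` maps hostname -> kernel release string, as collected
    by whatever fleet tooling runs `uname -r` on each host.
    """
    return sorted(host for host, rel in inventory.items()
                  if in_affected_range(rel))


# Constructed sample inventory; none of these are real hosts.
SAMPLE_INVENTORY: Dict[str, str] = {
    "web-01": "5.4.0-104-generic",
    "db-01": "5.10.0-11-amd64",
    "build-01": "5.6.10",
    "legacy-01": "4.19.0-18-amd64",
    "ci-01": "5.6.11",
}

if __name__ == "__main__":
    for host in screen_hosts(SAMPLE_INVENTORY):
        print(f"{host}: kernel {SAMPLE_INVENTORY[host]} is in the "
              f"CVE-2022-25636 version range; check distro advisory")
```

The comparison is done on tuples so that 5.6.10 sorts after 5.6.9 rather than being compared as text. Treat a hit as a prompt to consult the distribution's own advisory and patch status, since a backported fix leaves the upstream version number unchanged.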


Posted on: March 14, 2022
