Cyware Daily Threat Intelligence, March 15, 2022

Amid the ongoing geopolitical tensions, the cyber threat landscape is witnessing a rise in data-wiping malware activity. Researchers have uncovered a new CaddyWiper malware being used against Ukrainian organizations. This is the fourth malware of its kind to be discovered in a month's time. A new phishing attack against Ukrainians has also been identified; it delivers Cobalt Strike and other malware disguised as Windows antivirus updates.

There’s also an update about an ongoing Zloader attack campaign targeting organizations worldwide. Active since 2021, the campaign makes use of fake installers for multiple legitimate tools, such as Zoom, Atera, NetSupport, Brave Browser, JavaPlugin, and TeamViewer, to perform reconnaissance and download the malware.

Top Breaches Reported in the Last 24 Hours

DDoS attacks on Israel
An Iranian-linked hacking group has been held responsible for DDoS attacks on Israeli government sites (with the .GOV.IL domain). Following these attacks, the affected websites were down for some time before they were restored to a normal state.

Top Malware Reported in the Last 24 Hours

CaddyWiper malware detected
A new CaddyWiper malware has affected a dozen systems across Ukraine. The malware is designed to damage targeted systems by erasing user data, programs, hard drives, and partition information. Researchers indicate that the malware does not share any significant code similarities with HermeticWiper or IsaacWiper malware. In some cases, it was distributed through Microsoft Group Policy.

Cobalt Strike attack
Fake Windows antivirus updates are being used to install Cobalt Strike and other malware on systems in Ukraine. These updates are distributed via phishing emails that pretend to be from Ukrainian government agencies. They include a link to a French website that contains a download button for the supposed antivirus software updates.

Zloader trojan campaign spotted
An ongoing, widespread intrusion campaign that distributes the Zloader trojan has been detected by researchers. The campaign leveraged fake installers of legitimate tools such as Zoom, Atera, NetSupport, Brave Browser, JavaPlugin, and TeamViewer to perform reconnaissance and download the malware.

Top Vulnerabilities Reported in the Last 24 Hours

Apple issues security fixes
Apple has released fixes for at least 39 security gaps detected in its flagship iOS and iPadOS platforms. The most serious of these flaws could expose users to remote code execution attacks. Some of these flaws are related to memory corruption issues in several OS software components, including AVEVideoEncoder, CoreMedia, FaceTime, GPU Drivers, iTunes, Kernel, Sandbox, Siri, and Software update. Additionally, iOS 15.4 and iPadOS 15.4 address many of these vulnerabilities.

Veeam patches two flaws
Veeam has announced patches for two vulnerabilities impacting its data backup solution. Tracked as CVE-2022-26500 and CVE-2022-26501, the flaws can be exploited to execute code remotely without authentication. They have a CVSS score of 9.8.

Posted on: March 15, 2022

