Cyware Daily Threat Intelligence, March 17, 2021


While the cyber world is still reeling from the effects of recent large-scale supply-chain hacks, more conventional attack campaigns continue to resurface. Now, security researchers have discovered a cyber espionage campaign, dubbed Operation Diànxùn, targeting numerous telecommunications providers across Southeast Asia, Europe, and the U.S.

In a bid to further their malicious operations, cybercrime groups are busy upgrading their arsenal. A new variant of the Mirai botnet was found exploiting vulnerabilities in SonicWall SSL-VPN, D-Link DNS-320 firewall, Netgear ProSAFE Plus, Netis WF2419 wireless router, and other IoT devices. In other news, the FBI has warned of PYSA ransomware attacks against educational institutions in the U.K. and the U.S.

Top Breaches Reported in the Last 24 Hours

Mimecast source code stolen
Mimecast revealed that SolarWinds attackers broke into its internal network and downloaded source code from a limited number of repositories. The attackers, moreover, gained access to a subset of email addresses, salted and hashed credentials, and contact info.

Operation Diànxùn
An espionage campaign dubbed Operation Diànxùn has been identified by the McAfee Advanced Threat Research Strategic Intelligence team. The attack tactics match those of RedDelta and Mustang Panda threat actors. The campaign is actively targeting telecommunication firms and the goal is suspected to be gaining access to covert information related to 5G technology. 

SCCB suffers ransomware attack
South and City College Birmingham (SCCB) closed all eight of its campuses after a massive ransomware attack disabled its IT systems. All 13,000 students were informed about online lectures and have been asked to stay away from college campuses.

WeLeakInfo leaked info
A threat actor leaked data, including customer and payment information, from the WeLeakInfo data breach site and published it on another hacker forum, RaidForums. The now-defunct website contained around 12.5 billion user records, including names, email addresses, phone numbers, addresses, and passwords.

Top Malware Reported in the Last 24 Hours

PYSA ransomware attacks surge
The FBI has warned of PYSA ransomware attacks against educational institutions in the U.K. and the U.S. The flash alert was released in coordination with DHS-CISA and offers IoCs to defend against the threat.

New Mirai variant
Unit 42 researchers discovered a new variant of the Mirai botnet attacking SonicWall SSL-VPN, D-Link DNS-320 firewall, Netgear ProSAFE Plus, Netis WF2419 wireless router, and other IoT devices. Some of the vulnerabilities exploited by the malware are tracked as CVE-2020-25506, CVE-2020-26919, and CVE-2019-19356, among others.

Top Vulnerabilities Reported in the Last 24 Hours

XSS flaw quacks in DuckDuckGo 
DuckDuckGo has fixed a universal XSS flaw in a popular browser extension—DuckDuckGo Privacy Essentials—for Firefox and Chrome. This flaw could allow attackers to execute arbitrary code on any domain.

Top Scams Reported in the Last 24 Hours

Phishing scam targets banks
A phishing scam has been spotted luring Indian users into disclosing personal and banking information. The targeted banks include ICICI, State Bank of India, HDFC, Punjab National Bank, and Axis Bank. The links were found to originate from France and the U.S.


Posted on: March 17, 2021

