Go to listing page

Cyware Daily Threat Intelligence, March 23, 2022

Cyware Daily Threat Intelligence, March 23, 2022

Share Blog Post

Time is of the essence when it comes to preventing ransomware attacks. In new research compiled on ten big ransomware families, Splunk revealed that LockBit is the fastest ransomware that is capable of encrypting nearly 100,000 files in just four minutes. In separate news, BitLocker ransomware targeted a major meat producer, affecting all its subsidiaries. Additionally, DeadBolt ransomware has infected over 5,000 QNAP NAS devices, with more than 1,000 discovered only in March.

Several malware threats attributed to different Chinese threat actors have also been observed in the last 24 hours. A custom macOS malware called GIMMICK was used by Storm Cloud, the Chinese threat actor group, to launch a campaign in 2021. On the other hand, Mustang Panda has been linked to a new Hodur malware that is being used in an ongoing attack campaign.

Top Breaches Reported in the Last 24 Hours

Data of over 40,000 London voters leaked
Personal data of 43,000 voters was accidentally leaked after the electoral services department of Wandsworth Council of London shared the emails to the wrong recipients. Among the data exposed included names, addresses, and voting instructions for people.

SAMH’s data leaked
The attackers behind RansomEXX ransomware published 12 GB of data stolen from the Scottish Association for Mental Health (SAMH). This included individuals’ driving licenses, passports, home addresses, and phone numbers. In some cases, passwords and credit card details were also affected.

Nestlè hacked
Anonymous hacktivists announced that it hacked Nestlè and stole 10 GB of sensitive data, including company emails, passwords, and data related to business customers. The hacking group also leaked a portion of the stolen data online.

Greece’s public postal service affected
Several services at ELTA, the state-owned provider of postal services in Greece, were affected following a ransomware attack. The attackers exploited an unpatched vulnerability to intrude into its network. Currently, ELTA can't offer services of mail post, bill payments, or process any form of financial transaction order.

Top Malware Reported in the Last 24 Hours

New GIMMICK malware
A newly discovered macOS malware called GIMMICK has been attributed to the Storm Cloud Chinese espionage threat actor group. While the macOS variant is written in Objective C, the Windows versions are written in both .NET and Delphi. Researchers discovered the sample in a campaign that was used to compromise a MacBook Pro running macOS 11.6.

DeadBolt ransomware attack spotted
Researchers discovered that over 5,000 QNAP NAS devices have been affected by the DeadBolt ransomware since January 26. The ransomware asked 0.03 Bitcoin in ransom to release the decryption key.

New Hodur malware
A new variant of PlugX RAT, named Hodur, is being used by Mustang Panda in an ongoing attack campaign. Most of the victims are located in East and Southeast Asia, with a few in Europe and Africa. The malware is distributed via decoy documents that contain information about ongoing events in Europe and the war in Ukraine.

Top Vulnerabilities Reported in the Last 24 Hours

Flaws discovered in Dell BIOS
Five new security weaknesses discovered in Dell BIOS can be exploited to launch remote code execution attacks on vulnerable systems. The flaws are tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, and exist in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). They are rated 8.2 on the CVSS scale. A number of Dell products, including Alienware, Inspiron, Vostro line-ups, and Edge Gateway 3000 Series, are impacted.

HP patches three RCE flaws
Three critical RCE flaws affecting hundreds of HP printer models have been patched by the firm. The flaws are tracked as CVE-2022-3942, CVE-2022-24292, and CVE-2022-24291. While one of them can lead to remote code execution attacks, the other two can be exploited for information disclosure and to trigger a denial of service condition. The affected products include HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models.

 Tags

mustang panda apt group
hodur malware
scottish association for mental health samh
gimmick
storm cloud chinese threat actor group
bitlocker ransomware
lockbit

Posted on: March 23, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.