Cyware Daily Threat Intelligence, March 31, 2021

The fact that cybercriminals see no boundaries has intensified the impact of cybercrime by leaps and bounds. The past 24 hours witnessed reports of data breaches, cyber espionage campaigns, and malware attacks. While the Clop ransomware gang’s extended list of victims includes four more prestigious universities located in the U.S., the notorious Charming Kitten hacking group made its comeback in a new BadBlood phishing campaign that targeted medical organizations.   

Details of three undocumented malware strains—SodaMaster, P8RAT, and FYAnti—also emerged after researchers uncovered a data exfiltration campaign linked to the Stone Panda APT group. These backdoors were used against a number of sectors located in Japan.

Top Breaches Reported in the Last 24 Hours

Clop continues to terrorize
Apart from the University of Maryland and the University of California, the Clop ransomware gang has released data from four more universities. The impacted universities are Yeshiva University, Stanford University, the University of Miami, and the University of Colorado Boulder. The group began posting the alleged stolen data on March 29.

Unsecured database
An unsecured Microsoft Azure Blob belonging to one of the largest charities in New York has exposed more than 2,000 CSV and TXT files that included entries related to patients’ PII. The leaked files include 13,000 entries on vaccines, administration dates, vaccine types, products, and expiration dates.

Top Malware Reported in the Last 24 Hours

Newly discovered malware
Researchers have disclosed details about three new malicious payloads deployed by the Stone Panda threat group. The three newly discovered malware strains are SodaMaster, P8RAT, and FYAnti. Used in a sophisticated cyber espionage campaign, the ultimate purpose of this malware was to exfiltrate information from a number of sectors located in Japan.

Malicious plugin
Malicious versions of the jQuery Migrate plugin are being injected into dozens of websites with the aim of loading malware. These files are named jquery-migrate.js and jquery-migrate.min.js and are located where JavaScript files are normally present on WordPress sites. As a part of the malicious operation, users may be directed to fake surveys, tech support scams, and unwanted browser extensions.

Top Vulnerabilities Reported in the Last 24 Hours

VMware issues patches
VMware has issued patches for two vulnerabilities that could lead to the theft of administrator credentials in vRealize. Tracked as CVE-2021-21983 and CVE-2021-21975, the flaws are related to arbitrary code execution and server-side request forgery, respectively.

Top Scams Reported in the Last 24 Hours

Universities targeted in IRS phishing scam
The IRS is warning of ongoing phishing attacks that impersonate the agency in order to target educational institutions. The attacks use tax refund payment lures to bait universities’ staff and students. The subject lines of the phishing emails read ‘Tax Refund Payment’ or ‘Recalculation of your tax refund payment’ to increase the success rates of phishers’ social engineering attacks. Furthermore, these emails include links that redirect recipients to phishing pages.



Posted on: March 31, 2021
