
Cyware Daily Threat Intelligence, May 10, 2021

Lately, cyberattacks with geopolitical consequences have gained a strong foothold in the threat landscape. Financially motivated cybercriminals have caused a major disruption at Colonial Pipeline, which carries almost half the fuel consumed on the U.S. East Coast. The attack raises serious concerns about how well the energy sector is defended against malicious cyber actors.

In another worrying development, partnerships between malware groups continue to grow, with the operators of Cuba ransomware now joining hands with the Hancitor group. That’s not all. Another Twitter scam impersonating Elon Musk and SNL is doing the rounds, tricking Twitter users out of their cryptocurrency.

Top Breaches Reported in the Last 24 Hours

Ransomware hits Colonial Pipeline
Colonial Pipeline, operator of one of the largest fuel pipelines in the U.S., was hit by a ransomware attack that affected some of its IT systems; the company took systems offline to contain the threat, halting all pipeline operations. The DarkSide ransomware gang is suspected to be behind the attack.

City of Tulsa hacked
The city government of Tulsa, Oklahoma, suffered a ransomware attack that took down the city’s network and official websites.

City of Chicago suffers breach
The City of Chicago has confirmed that employee emails were exposed in the data breach at law firm Jones Day. The Jones Day breach was itself a direct result of attacks exploiting vulnerabilities in Accellion’s File Transfer Appliance (FTA).

Top Malware Reported in the Last 24 Hours

Hancitor joins Cuba ransomware
Attackers have started using the Hancitor malware to deliver Cuba ransomware in a new email spam campaign. The campaign aims to exfiltrate data and then hold it for ransom. Cuba ransomware has been active since at least January 2020, and its operators have also launched a data leak site that currently lists nine victim organizations across the aviation, financial, education, and manufacturing industries.

Top Vulnerabilities Reported in the Last 24 Hours

Foxit bug allows malware execution
A now-patched vulnerability in Foxit Reader could have allowed attackers to execute arbitrary code on computers running the flawed software. Tracked as CVE-2021-21822, the remote code execution bug stems from a use-after-free condition that can be triggered by a specially crafted PDF. Users should update to the patched version.

SVR exploits 12 flaws
Russian Foreign Intelligence Service (SVR) cyber operators have changed their TTPs in response to a joint advisory published by intelligence agencies from the U.S. and the U.K. As part of its revised tactics, the SVR is now exploiting 12 publicly known security flaws, so organizations should prioritize patching the vulnerabilities listed in the advisory.

Top Scams Reported in the Last 24 Hours

Another Elon Musk cryptoscam
With Elon Musk hosting Saturday Night Live (SNL), Twitter scammers are hijacking verified Twitter accounts and changing their profiles to mimic SNL. The hijacked accounts promote a cryptocurrency giveaway scam designed to steal Dogecoin, Bitcoin, and Ethereum.

WallStreetBets forum scammed
Members of the WallStreetBets (WSB) forum fell victim to a cryptocurrency scam, resulting in losses of around $2 million. The forum’s moderators had warned members via Telegram about the likely fraud, yet some people still fell for the trap.


city of tulsa
city of chicago
cryptocurrency scams
foxit reader
colonial pipeline
cuba ransomware

Posted on: May 10, 2021
