Cyware Daily Threat Intelligence November 14, 2018

Share Blog post

Top Malware Reported in the Last 24 Hours

Dharma ransomware
A new Dharma ransomware variant was recently discovered, which is capable of bypassing detection from nearly every antivirus program available in the market. The new Dharma variant uses a NET dropper to propagate and encrypts all files using a .tron extension. Since there is currently no decryption tool available for this Dharma variant, it is considered to be extremely dangerous. 

Operation Shaheen
A newly discovered APT group called The White Company was found targeting the Pakistani military with a year-long cyberespionage campaign. Dubbed Operation Shaheen, the malware campaign saw hackers target Pakistani Air Force officials with phishing attacks that distributed RATs and spyware. 

WebCobra
A new Russian malware called WebCobra which mines for cryptocurrencies. WebCobra is designed to check the environment of a targeted system and depending on the infrastructure it detects, the malware either drops a ZCash miner or a Cryptonight miner. Although WebCobra has been infecting systems across the globe, the highest infection rates have been detected in Brazil, South Africa, and the US.

Top Breaches Reported in the Last 24 Hours

Google outage
Google's services went down for over a year on November 12. The issue was caused when Google's internet traffic was hijacked by a Nigerian ISP called MainOne. The firm improperly rerouted hundreds of Google-owned IP addresses as its own as part of a planned network upgrade. The traffic was also rerouted via Russia and China, including the Chinese government-owned firm China Telecom. It took 72 hours for Google and MainOne to discover and resolve the issue. 

Media Prima
A Malaysian media group called Media Prima fell victim to a ransomware attack. The media group operates, among others verticals, three national newspapers, free-to-air television stations, and radio stations. The cybercriminals behind the attack demanded 1,000 bitcoins, worth over $6 million to decrypt the data. The media group has reportedly been unable to access its email servers. It is still unclear as to whether the hackers were successful in compromising or exfiltrating any data from Media Prima. 


 Tags

the white company
ransomware attacks
operation shaheen
google outage
media prima
dharma ransomware
webcobra malware

Posted on: November 14, 2018

Get the Daily Threat Briefing delivered to your email!



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.



Join Thousands of Other Cyware Followers!