
Cyware Daily Threat Intelligence, November 18, 2021



Watch out! Unusual activity is brewing in the Ransomware 2.0 threat landscape. Researchers report that newly wealthy ransomware gangs are increasingly shopping for zero-day exploits, despite their steep prices, and are prepared to pay up to $10 million to compete with the traditional buyers of such exploits. That's not all. The way ransomware affiliate programs operate is also shifting: new research has shed light on attempts by Russian-speaking ransomware gangs to recruit Chinese threat actors into their programs.

In other emerging threats, the RedCurl APT group has resumed its espionage activity with a set of new custom tools and attack methods. One of the additions is RedCurl.Extractor, a modified version of RedCurl.Dropper.

Top Breaches Reported in the Last 24 Hours

Zero-day exploits on sale
Ransomware gangs are showing interest in purchasing zero-day exploits offered on dark web forums. They are prepared to pay up to $10 million, putting them in competition with state-backed actors, the traditional buyers of zero-day exploits.

Myanmar government targeted
A malicious campaign against Myanmar government websites used domain fronting to evade detection: the connection's DNS lookup and TLS SNI name a trusted domain served by a CDN, while the HTTP Host header sent inside the tunnel directs the CDN edge to the attacker's own CDN-hosted backend. The attack, first observed in September 2021, deployed Cobalt Strike Beacon in the initial stage to launch further malicious payloads.
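Because the CDN edge routes on the Host header while the network only sees the SNI, the practical detection point is any log source that records both (a TLS-inspecting proxy, or decrypted traffic): a Host header whose registrable domain differs from the SNI's is the core indicator. The following is an added example, not code from the original post or from the researchers who reported the Myanmar campaign, that runs this check over constructed JSON-lines proxy records. The field names (ts, src, sni, host, method, uri), the hostnames, and the crude two-label registrable-domain heuristic are assumptions for illustration.

```python
"""
Domain-fronting detection over TLS-inspecting proxy logs.

Domain fronting places a high-reputation name in the TLS SNI (and DNS) while
the HTTP Host header, which the CDN edge actually routes on, names the
operator's own CDN-hosted origin. A proxy that terminates TLS records both,
so an SNI/Host mismatch across different registrable domains is the signal.
"""
import json
from dataclasses import dataclass

# Constructed sample records (not real traffic, not any vendor's schema).
SAMPLE_LOG = """\
{"ts":"2021-09-14T08:01:02Z","src":"10.0.5.23","sni":"www.tenant-site.example","host":"www.tenant-site.example","method":"GET","uri":"/"}
{"ts":"2021-09-14T08:01:05Z","src":"10.0.5.23","sni":"cdn.trusted-brand.example","host":"c2-tenant.cdn-provider.example","method":"POST","uri":"/submit.php"}
{"ts":"2021-09-14T08:01:09Z","src":"10.0.5.40","sni":"static.shop.example","host":"img.shop.example","method":"GET","uri":"/logo.png"}
{"ts":"2021-09-14T08:01:12Z","src":"10.0.5.51","sni":"login.idp.example","host":"login.idp.example","method":"POST","uri":"/oauth2/token"}
{"ts":"2021-09-14T08:01:15Z","src":"10.0.5.23","sni":"","host":"c2-tenant.cdn-provider.example","method":"GET","uri":"/ptj"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    sni: str
    host: str
    verdict: str


def registrable_domain(name: str) -> str:
    """Crude eTLD+1: the last two labels. Production code should use the
    Public Suffix List (e.g. the tldextract package) so that a name such as
    foo.co.uk is not collapsed to 'co.uk'. Assumption made for brevity here."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def classify(sni: str, host: str) -> str:
    """Compare the TLS SNI with the HTTP Host header of the same connection.

    match     - identical names, the normal case
    same_org  - different hosts under one registrable domain (legit CDN
                setups often do this; low priority)
    fronting  - different registrable domains: the CDN will route to a
                backend the SNI never named
    no_sni    - no SNI sent; cannot be judged, but worth a look on its own
    """
    host = host.lower().split(":")[0]  # drop an explicit port, if any
    sni = sni.lower()
    if not sni:
        return "no_sni"
    if sni == host:
        return "match"
    if registrable_domain(sni) == registrable_domain(host):
        return "same_org"
    return "fronting"


def scan(log_text: str) -> list[Finding]:
    """Parse JSON-lines proxy records and keep the suspicious ones."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        verdict = classify(rec.get("sni", ""), rec.get("host", ""))
        if verdict in ("fronting", "no_sni"):
            findings.append(Finding(rec["ts"], rec["src"], rec.get("sni", ""),
                                    rec["host"], verdict))
    return findings


def fronting_pairs(findings: list[Finding]) -> list[tuple[str, str]]:
    """Distinct (sni, host) pairs judged to be fronting, for blocking/hunting."""
    return sorted({(f.sni, f.host) for f in findings if f.verdict == "fronting"})


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.verdict:9} sni={f.sni or '-'} host={f.host}")
```

On the constructed records the second line is the fronting case (trusted-brand SNI, attacker tenant in Host), the third is a benign same-organization split that the registrable-domain comparison deliberately leaves alone, and the last one, with no SNI at all, is surfaced separately rather than silently counted as a match.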

SS7 exploits sold on the dark web
Analysts at SOS Intelligence found more than 80 SS7 exploitation services advertised on dark web forums. Among the sites still live are SS7 Exploiter, SS7 ONLINE Exploiter, SS7 Hack, and Dark Fox Market.

Long-term spear-phishing detected
Researchers have uncovered a long-running spear-phishing campaign targeting employees in the Middle East. The phishing emails carried PDF attachments that redirected victims to short-lived Glitch apps hosting SharePoint-themed credential-phishing pages.

RedCurl updates its malicious activities
The RedCurl APT group has returned with a new round of cyberespionage attacks using new custom tools and attack methods. One of the additions is RedCurl.Extractor, a modified version of RedCurl.Dropper.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-day flaw exploited
The FBI has warned that a zero-day vulnerability in FatPipe products is being exploited in the wild. The flaw can be triggered by sending malicious HTTP requests to a vulnerable device. No CVE identifier has been issued for it yet; FatPipe WARP, MPVPN, and IPVPN devices are affected.

Microsoft fixes an Azure AD flaw
Microsoft has patched an information disclosure flaw affecting Azure Active Directory (AD). Tracked as CVE-2021-42306 with a CVSS score of 8.1, the flaw arises when a new Automation Account is set up in Azure; according to Microsoft, it is related to the keyCredentials property of Azure AD application objects.

Netgear issues patches
Netgear has released a new round of security patches to fix a high-severity remote code execution flaw affecting multiple routers. Tracked as CVE-2021-34991, the flaw is a pre-authentication buffer overflow that attackers can exploit to take control of affected devices.

Tags

redcurl threat actor
netgear
ss7 exploit
myanmar government
azure ad flaw

Posted on: November 18, 2021

