Cyware Daily Threat Intelligence, November 30, 2022

Researchers unearthed a cyberespionage campaign by Chinese threat actors who have been carrying out attacks since at least September 2021. The campaign aims to steal data from air-gapped systems and relies primarily on infected USB drives as the initial infection vector. Meanwhile, high-severity vulnerabilities, tracked as OT:ICEFALL, were reported in OT products from two German vendors, Festo and CODESYS. The disclosure highlights issues stemming either from an insecure-by-design approach or from weak implementation of security controls.

In the past 24 hours, a major healthcare breach was reported that impacted about 120 pediatric healthcare facilities and over 2 million individuals. A large volume of sensitive personal, healthcare, and insurance-related data was stolen.

Top Breaches Reported in the Last 24 Hours

Netherlands company exposed sensitive data
ENC Security, Netherlands, was found to have exposed its API keys and certificate files for over a year owing to a misconfiguration. The company is a third-party vendor for Sony, Lexar, and Sandisk USB keys, providing the encryption solutions that protect data on those devices. The data was accessible from May 27, 2021, up until November 9, 2022.

Healthcare entity breached
Pediatric-specific health IT solutions company Connexin Software confirmed that it suffered a security incident that impacted nearly 2.2 million individuals. The incident affected the networks of about 120 pediatric physician practices and practice groups. The leaked database comprised PII and a variety of medical and insurance records.

Website tracking turned costly
Unauthorized access at Community Health Network, Indiana, impacted approximately 1.5 million individuals. The incident involves the use of website tracking code from third parties, which transmitted certain patient information from the site to the tracking technology vendors.

Top Malware Reported in the Last 24 Hours

Trigona ransomware spreading worldwide
A previously reported ransomware strain has been rebranded as Trigona, and researchers claimed to have found multiple victims of the new strain. Moreover, the hackers behind it have launched a new negotiation site on Tor where they demand ransom in Monero. However, it remains unclear how the hackers penetrate target networks to deploy the ransomware.

UNC4191 malicious USB drives
China-linked cyberespionage group UNC4191 has been observed targeting public and private entities in Southeast Asia, Asia-Pacific, the U.S., and Europe, with increased attention on the Philippines. The hackers attempt to steal data from air-gapped systems through self-replicating malware on USB drives. The three malware families, dubbed MISTCLOAK, DARKDEW, and BLUEHAZE, can help achieve backdoor access to compromised devices.

Top Vulnerabilities Reported in the Last 24 Hours

ICEFALL: A set of bugs in OT products
Forescout Technologies detailed three new security holes, tracked as ICEFALL, in Operational Technology (OT) products from Festo and Codesys. CVE-2022-3270 is the most critical among them, with a CVSS score of 9.8. It affects Festo automation controllers using the Festo Generic Multicast (FGMC) protocol and can trigger a Denial of Service (DoS) condition. The other flaws are CVE-2022-3079 and CVE-2022-4048.

Researchers infiltrated Intel DCM software
Julien Ahrens, a researcher from RCE Security, disclosed a high-severity flaw in the Intel DCM software. Tracked as CVE-2022-33942, the bug affects software versions prior to v5.0. Though the researcher claimed that the flaw poses an RCE threat, Intel classifies the issue only as a privilege elevation flaw. A second blog post by the researcher is due this week.

Posted on: November 30, 2022