Go to listing page

Cyware Daily Threat Intelligence, October 08, 2021

Cyware Daily Threat Intelligence, October 08, 2021

Share Blog Post

Security researchers have made a big catch! In a widescale operation, a group of researchers and law enforcement agencies tracked down the C2 infrastructure of an extremely popular malware-as-a-service Agent Tesla RAT. The exfiltrated data (950 GB) containing user credentials, files, and other sensitive information was drained out by the researchers as a part of the operation.

However, this has not deterred the spirit of threat actors and this is evident from the discovery of new malware. Called FontOnLake, the malware has been designed to target Linux systems. In other news, the notorious FIN12 threat actor group has expanded its attack surface to the healthcare sector. The threat actors are known for their preference for deploying Ryuk ransomware.

Top Breaches Reported in the Last 24 Hours

Weir Group attacked
Scottish multinational engineering firm Weir Group disclosed a ransomware attack that occurred in September. The incident led to shipment, manufacturing, and engineering disruption. All issues with customer-facing services are currently being mitigated.

BrewDog exposes data
Scottish brewery BrewDog exposed the PII of around 200,000 shareholders for over a year following the discovery of a security flaw. The exposed data included email addresses, birth dates, gender, phone numbers, and referrals of users. The flaw was fixed with the release of a new build.

Gmail users targeted
Google warned that more than 14,000 Gmail users were targeted in spear-phishing campaigns that were launched by the APT28 threat actor group. A spike in the number of attacks was observed in late September.

FIN12’s ransomware threat
A new investigation reveals that FIN12 is actively targeting the healthcare sector by deploying Ryuk ransomware. The gang has also been attributed for using Conti ransomware in one of the recent attacks that enabled it to steal 90GB of data.

Misconfigured Apache exposes data
Misconfiguration issues across older versions of Apache Airflow instances have exposed sensitive information of several companies. Some of the impacted organizations include AWS, Binance, Google Cloud Platform, PayPal, Slack, and Stripe.

Top Malware Reported in the Last 24 Hours

New FontOnLake malware
A newly discovered FontOnLake malware has been found targeting Linux systems. According to the telemetry, the malware’s target includes users in Southeast Asia.

Vidar stealer returns
The Vidar stealer has returned in a new campaign that abuses the Mastodon social media network to connect with the C2 server. The malware capabilities include pilfering browser information such as passwords, cookies, history, and credit card information. It can also steal Telegram credentials for Windows versions and even funds from cryptocurrency wallets.

Agent Tesla down
Researchers and law enforcement agencies have extracted around 950 GB of stolen data in an operation that took down the C2 infrastructure of Agent Tesla. The victims of the malware included the U.S., Canada, Italy, Germany, Spain, Mexico, Chile, Brazil, Singapore, and the UAE.

Top Vulnerabilities Reported in the Last 24 Hours

CISA urges to patch Apache flaw
CISA has issued an advisory to warn users about the wide exploitation of a flaw impacting Apache HTTP Server. The flaw, identified as CVE-2021-42013, affects the server version 2.4.50. The flaw is a follow-up to the improper patch released for the flaw CVE-2021-41733.

Top Scams Reported in the Last 24 Hours

Free Nitro subscription scam
A number of fake subscription offers for Nitro are doing the rounds in Discord. Scammers are using a variety of messages such as free games and discount sign-ups for services to lure users into the scam. The targeted users are further tricked into clicking on a link that looks like a sign-up page for Nitro.

 Tags

agent tesla rat
ryuk ransomware
fontonlake
fin12 threat actor group
weir group

Posted on: October 08, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.