
Cyware Daily Threat Intelligence, October 15, 2021


What can be more disturbing than to know that there are more than 270 different government-sponsored threat actors that are active across over 50 countries? A report shared by Google researchers has revealed this shocking detail along with the spike in email phishing attacks, primarily carried out by the Fancy Bear threat actor group. 

Adding to organizations' woes, the NSA, along with other law enforcement agencies, revealed that three more water treatment facilities located in the U.S. had fallen to ransomware attacks. These attacks took place in March, July, and August.

In other news, an ad blocker extension called AllBlock was used in a campaign that stealthily distributed adware.

Top Breaches Reported in the Last 24 Hours

The University of Sunderland affected
The University of Sunderland was forced to take down its IT systems following a cyberattack. The affected systems include telephone lines, the official website, the email server, and all online portals related to eBooks and journals.

Water treatment facilities hit
In a joint advisory, the FBI, NSA, CISA, and EPA revealed that ransomware gangs silently hit three US water and wastewater treatment facilities this year. The attacks took place in March, July, and August and hit facilities in Nevada, Maine, and California, respectively.

Hillel Yaffe Medical Center attacked
Israel’s National Cyber Directorate (INCD) is urging organizations to bolster their cyber defenses following a ransomware attack at Hillel Yaffe Medical Center. Evidence shows that the healthcare provider was running outdated versions of email servers and VPNs.

More than 270 threat actors tracked
A report from Google Threat Analysis Group reveals that there are more than 270 different government-sponsored threat actors operating across 50 countries. The figure includes groups engaged in cyber espionage and disinformation campaigns. In 2021, the major spike in attacks has been attributed to the APT28 (aka Fancy Bear) threat actor group.

Top Malware Reported in the Last 24 Hours

dcRAT spotted
Researchers spotted a malicious email campaign distributing the remote access trojan Dark Crystal, which is also known as dcRAT. The malware is propagated via a Microsoft Word document that contains a malicious VBA script. It is capable of exfiltrating clipboard data, files, keystrokes, and cookies. 

New ad injection campaign
A new ad injection campaign used the AllBlock ad blocker extension to distribute adware. The extension was available for Chrome and Opera browsers.

Top Vulnerabilities Reported in the Last 24 Hours

Security flaws in Linphone and MicroSIP
Multiple security flaws were discovered in the Linphone and MicroSIP software that can be exploited by attackers to crash the devices and even extract sensitive information. The flaws have since been addressed by the respective manufacturers following the disclosure.

Top Scams Reported in the Last 24 Hours

Vishing scam
A vishing campaign spotted by researchers tried to convince people to give the attackers access to their computers. Cybercriminals impersonated Microsoft Defender in an attempt to convince victims to grant them remote access. The campaign starts with targeted users receiving phony order receipts for a Microsoft Defender subscription over email.  

Free Steam game scam
Scammers are leveraging TikTok to spread scams through free Steam game accounts. These scams are designed to steal funds and other personal information from users.




Posted on: October 15, 2021

