Cyware Daily Threat Intelligence, October 22, 2021

Frankenstein’s monster is back, only this time to harvest credentials from Microsoft Office 365 users. Threat actors were spotted using a never-before-seen phishing kit, TodayZoo, to dodge email security checks while harvesting their victims’ credentials. Dubbed Franken-Phish, the campaign was active from April through May.

The infamous Evil Corp has switched to a new ransomware brand, Macaw Locker, to sidestep US sanctions that deter victims from paying ransom demands. The newly found ransomware drops a ransom note in every folder that contains encrypted files. In other threats, gamers in South Korea are being targeted in an ongoing campaign that distributes njRAT, UDP RAT, and other malware.

Top Breaches Reported in the Last 24 Hours

Atento hit
A cyberattack on customer relationship management firm Atento has disrupted its operations. The company has yet to determine the full extent of the attack.

Gigabyte firm breached
The threat actors behind AvosLocker ransomware have claimed an attack on tech giant Gigabyte. Following the attack, they leaked a portion of the stolen files as proof. The stolen data appears to contain confidential details of deals with third-party companies and information about employees.

RATs target South Korea
Users in South Korea are being targeted in an ongoing malware campaign that distributes a variety of trojans. The trojans are propagated through an adult game shared on WebHard and via torrents. The trojans include njRAT and UDP RAT.

FiveSys rootkit
A newly discovered rootkit called FiveSys is being used against users in China. The rootkit redirects internet traffic and attempts to block competing malware from accessing the infected system.

TodayZoo phishing campaign
Microsoft has disclosed a new phishing campaign that uses a phishing kit called TodayZoo. The campaign, termed Franken-Phish, aims to steal passwords from Microsoft 365 users.

Ferrara hit
Chicago-based Ferrara was hit by a ransomware attack earlier this month. During the attack, the attackers encrypted some of its systems.

Top Malware Reported in the Last 24 Hours

New Macaw Locker ransomware
Macaw Locker is a newly found ransomware associated with the Evil Corp group. The ransomware appends its own name as an extension to each encrypted file. It generates a unique ID per victim on its Tor site, which is used to negotiate with each victim.

Top Vulnerabilities Reported in the Last 24 Hours

Exploitation of Atlassian’s flaw
Several attack campaigns exploiting a vulnerability in Atlassian’s Confluence were observed throughout September. These included cryptojacking, fileless attacks, and deployment of the Setag backdoor. The flaw is tracked as CVE-2021-26084, and patches are already available.

Flaws in AUVESY products
A total of 17 vulnerabilities have been identified in products manufactured by AUVESY. These vulnerabilities can be exploited to bypass authentication, elevate privileges, obtain hardcoded cryptographic keys, execute arbitrary code, and cause a denial of service. The vendor has patched all of the flaws.

Posted on: October 22, 2021