Cyware Daily Threat Intelligence, September 17, 2021

A two-year-long cyberattack against the aviation sector has left researchers bewildered. Called ‘Operation Layover’, the campaign, spearheaded by a group of Nigerian threat actors, spread AsyncRAT and njRAT through a malicious PDF file. There is a high chance that the attackers will put the stolen data up for sale on underground forums for monetary gain.

The espionage nightmare continues. Telcos and government agencies in Southeast Asia have also been targeted in a cyberespionage campaign that has been active since March. The Mustang Panda APT group, the mastermind behind the campaign, hacked into the organizations' networks to deploy the PlugX backdoor. Meanwhile, financial institutions must be cautious of the newly found Numando banking trojan, which is capable of stealing financial credentials.

Top Breaches Reported in the Last 24 Hours

Austin Cancer Center breached
Austin Cancer Center has begun notifying over 36,000 patients about a data breach that exposed their personal details. The attack was discovered on August 4 after hackers deployed malware on its systems.

Telcos and government agencies targeted
Mustang Panda has returned in a new attack campaign targeting telcos and government agencies in Southeast Asia. The campaign, active since March, is being used to distribute the PlugX backdoor to gain persistence on compromised systems.

Aviation industry targeted
A phishing campaign dubbed Operation Layover, targeting the global aviation industry, went undetected for at least two years. Believed to be the work of a Nigerian threat actor, the campaign was launched using malicious emails carrying a PDF file purporting to contain aviation-related information. The ultimate purpose of the campaign was to distribute AsyncRAT and njRAT.

Republican Governors Association targeted
The Republican Governors Association has sent out letters to notify 500 people about a security breach that exposed their PII. The incident occurred after hackers abused vulnerabilities in Microsoft Exchange email servers.

City of Yonkers affected
Government employees at the City of Yonkers were affected by a ransomware attack that occurred last week. However, the city refused to pay the ransom and plans to restore the data from backups.

Top Malware Reported in the Last 24 Hours

Newly discovered Numando malware
A newly discovered banking trojan named Numando has been found targeting users in Latin America. The malware shares similarities with Janeleiro, Casbaneiro, Grandoreiro, and Mekotio. Written in Delphi, it displays fake Windows overlays to dupe victims into submitting sensitive data, including their financial credentials.

Top Vulnerabilities Reported in the Last 24 Hours

Zoho ManageEngine exploited
Law enforcement agencies have issued a warning about the mass exploitation of a critical vulnerability in Zoho's ManageEngine ADSelfService Plus software. The vulnerability, tracked as CVE-2021-40539, affects the password management and SSO solution.

OMIGOD vulnerabilities
A series of four vulnerabilities affecting the Open Management Infrastructure (OMI) software agent has left Microsoft Azure customers exposed to remote code execution attacks. The flaws, collectively called OMIGOD, are tracked as CVE-2021-38648, CVE-2021-38645, CVE-2021-38649, and CVE-2021-38647. Microsoft issued patches for the vulnerabilities in this month’s Patch Tuesday update.

AMD issues a patch
AMD has issued patches for a critical vulnerability in the driver for AMD’s Platform Security Processor (PSP). The flaw, identified as CVE-2021-26333, can allow threat actors to dump system memory and steal sensitive information from AMD-powered computers.

Top Scams Reported in the Last 24 Hours

Fraudsters steal $500K
Fraudsters made around $500,000 by posing as 75 bank customers in a fake credit card payment scheme. They pulled off the fraud by diverting the one-time passwords (OTPs) sent by the banks to overseas mobile network systems. The fraudulent transactions took place between September and December last year.

Posted on: September 17, 2021
