Cyware Daily Threat Intelligence, September 29, 2022

A doppelganger of the Chaos ransomware strain has come to light. The malware targets Windows and Linux devices for cryptomining and for launching DDoS attacks. The cyber landscape is getting even more chaotic with the release of a cracked version of the advanced red team and adversary simulation software Brute Ratel C4 (BRC4) on darknet marketplaces. Preliminary investigation points toward the involvement of a Russian-speaking group known as Molecules.

Meanwhile, four security holes were found in the Layer-2 (L2) network security controls of multiple Cisco routers and switches. Over 200 vendors were warned about the flaws, which could be exploited to carry out DoS or Man-in-the-Middle (MitM) attacks.

Top Breaches Reported in the Last 24 Hours


Abrupt notification pushed to Apple News users
U.S. business publication Fast Company was breached, and its network had to be pulled offline in the wake of the hacking incident. The breach affected its internal systems, enabling the hackers to send offensive push notifications to Apple News users. The hackers claimed they infiltrated Fast Company's network through weak default passwords on a WordPress instance used by the company.

Top Malware Reported in the Last 24 Hours


Chaos malware for cryptomining and DDoS
Black Lotus Labs detected a multifunctional Go-based malware, dubbed Chaos, designed to target a wide range of devices, including small office/home office (SOHO) routers and enterprise servers. The malware samples were likely written by Chinese actors and rely on China-based C2 infrastructure, with DDoS and cryptomining as the key attack features. Most of its bot infections were located in Europe, specifically Italy.

Brute Ratel crack spreads
Cybercriminals have successfully cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and released it on underground forums. The adversary simulation software is less popular than Cobalt Strike beacons but exhibits similar capabilities. Palo Alto Networks Unit 42 had earlier reported another instance of this, warning about the abuse of legitimate BRC4 in attack campaigns to evade detection.

New job lures drop Cobalt Strike
A phishing campaign impersonating a government organization in the U.S. and a trade union in New Zealand attempts to deliver Cobalt Strike beacons to infected endpoints. The campaign exploits CVE-2017-0199, an RCE bug, and involves a multistage, modular infection chain built on fileless, malicious scripts. The payload identified is a leaked version of a Cobalt Strike beacon.

Top Vulnerabilities Reported in the Last 24 Hours


Bugs in Cisco L2 network security controls
Tens of Cisco router and switch models were found to be prone to bypass vulnerabilities in their Layer-2 (L2) network security controls. Researchers reported a total of four bugs, namely CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, and CVE-2021-27862. An attacker can send specially crafted packets to bypass the controls provided by these enterprise devices, triggering a DoS or performing a MitM attack.

New Threat in the Spotlight


Military and weapons contractors under attack
Security researchers at Securonix disclosed details of a new campaign aimed at multiple military contractors involved in weapons manufacturing, including a supplier of components for the F-35 Lightning II fighter aircraft. The attack begins with a phishing email sent to employees. With mild confidence, the researchers attributed the campaign to APT37, owing to similarities with its attack history.

Posted on: September 29, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.