Cyware Daily Threat Intelligence September 4, 2018


Top Breaches Reported in the Last 24 Hours

Mortal Online
The credentials of nearly 570,000 players of the online role-playing game Mortal Online were stolen by cybercriminals and are being sold online. Mortal Online's server was accessed by hackers in June 2018. The stolen credentials were also used in a credential stuffing attack against League of Legends players.

C&A breach
The Brazilian international fashion retail clothing chain C&A confirmed that it suffered a breach that exposed around 36,000 customers' data. Data from customers who purchased gift cards online on the website Pastebin was compromised in the breach. Exposed data includes ID numbers and email addresses, in addition to information including the amount loaded into the cards, order number, and date of purchase.

South African Labor department hack
A notorious hacker known as Paladin is back in action. He claims to have hacked into the websites of the Department of Labour and SA Express. However, the attacks against the websites lasted only several seconds. Both sites are currently up and running.

Top Malware Reported in the Last 24 Hours

GlobeImposter
A new variant of the GlobeImposter ransomware has been detected and uses a high-intensity algorithm to encrypt data. The new GlobeImposter variant was found rapidly spreading across the globe. There are now around 20 variants of the GlobeImposter ransomware, all of which have appeared since June 2018. A Chinese children's hospital was among the ransomware's victims. The ransomware operators are demanding a ransom ranging between 1 and 10 bitcoins.

Hakai botnet
A new IoT botnet called Hakai has been discovered targeting D-Link, Huawei and Realtek routers, as well as IoT devices with no or weak passwords. The botnet is based on QBot (aka Bashlite, LizardStresser, and Gafgyt). Cybercriminals have already found Hakai's leaked code and created two new variants called Kenjiro and Izuku, both of which are rapidly spreading online.

WMIC
A new attack chain leveraging the Windows Management Instrumentation Command-line (WMIC) has been discovered. The multi-stage infection chain aims to steal information from Windows machines. The primary payload is capable of stealing email and browser credentials and acts as a keylogger and a backdoor.




Posted on: September 04, 2018
