Go to listing page

Cyware Daily Threat Intelligence, August 04, 2022

Cyware Daily Threat Intelligence, August 04, 2022

Share Blog Post

A high-severity bug—with the highest CVSS score of 10—has been identified in router models by DrayTek, a Taiwanese manufacturer. A hacker can take over the vulnerable routers, whose count is over 200,000 as of now. Remember Follina? A new malware threat aimed at Russian users was spotted abusing the Follina vulnerability. The malware, which stayed undetected for over a year, spreads through archive files and docs. 

Parallelly, a lesser-known threat group has been observed attacking the research and technical services sector. It deployed the Ljl backdoor on an outdated Atlassian Confluence server for espionage purposes.

Top Breaches Reported in the Last 24 Hours

Guacamaya leaks 2TB of data
Cybercriminal group—Guacamaya—posted more than 2TB of emails and files from mining companies located in Central and South America. The victims include five public and private mining companies and two public agencies. The group also shared a video on how they accessed the victims’ networks and stole the files and emails. 

Major retailer in UAE suffered breach 
A ransomware attack crippled the internal server of Spinneys, a multinational supermarket chain. The leaked data include names, phone numbers, email IDs, delivery addresses, and previous order information. The firm clarified that no payment data was impacted during the incident since they don’t store it on servers. Customers are urged to stay vigilant against cybercrime activities. 

JusTalk blurts out secrets
The popular mobile video calling and messaging app JusTalk, with 20 million global users, was found leaking a database blob storage supposedly containing private messages of the users. These messages in the unsecured database were stored unencrypted. 

Top Malware Reported in the Last 24 Hours

New RAT in the town abuses Follina
Malwarebytes uncovered the new Woody RAT delivered to Russian targets via lures containing archive files and Office documents. The document bait called “Information security memo” (in Russian) provides safety practices for passwords, confidential information, and more. It weaponizes the Follina (CVE-2022-30190) vulnerability. 

Fake website hosts Mars Stealer
Cyber adversaries behind a fake website for the Atomic wallet, a popular decentralized wallet, are distributing Mars Stealer, an information-stealing malware. The website has three buttons for downloading the wallet for Windows, Android, and iOS, respectively. Hackers use the information-stealing malware to extract account credentials from browsers, cryptocurrency extensions and wallets, and 2FA plugins.

Top Vulnerabilities Reported in the Last 24 Hours

Bug exploited in Atlassian Confluence server
A threat actor seemingly exploited an Object-Graph Navigation Language (OGNL) injection flaw in an outdated Atlassian Confluence server. Attackers targeted CVE-2022-26134 to deploy an unprecedented backdoor, Ljl, against an unnamed organization in the research and technical services sector. Researchers have blamed it on a threat activity cluster known as TAC-040.

DrayTek’s models have security holes
Security experts at Trellix reported at least 29 different router models from DrayTek were affected by a new critical RCE vulnerability. It has received the maximum severity rating of CVSS 10.0. The vulnerability could be exploited to fully compromise a targeted device and access the broader network.


mars stealer
atomic wallet
rce vulnerability
draytek routers
object graph navigation language
follina flaw
cve 2022 26134
mining firms
tac 040
woody rat

Posted on: August 04, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite