Cyware Daily Threat Intelligence, February 13, 2023

New ransomware alert! It's DarkBit this time. The ransomware group has claimed one of Israel's leading research universities as its victim and demanded about $1.7 million in extortion. Researchers surmise that a threat actor, a disgruntled employee, or a pro-Palestinian activist could be behind the attack. Have you patched the GoAnywhere MFT zero-day yet? A notorious ransomware gang allegedly pilfered data from over 130 organizations by exploiting this single vulnerability, which enables attackers to remotely execute code on compromised systems.

In cybersecurity, things are often not what they appear to be. A flurry of DHL and MetaMask phishing emails was observed targeting numerous individuals. At first glance, the compromised party appeared to be the domain registrar Namecheap.

Top Breaches Reported in the Last 24 Hours

California city crippled by ransomware
The City of Oakland, California, disclosed that it fell victim to a ransomware attack; however, its core functions, such as 911, financial data, and fire and emergency resources, were not affected. There is no confirmation about the attack's impact on the City's mobile devices, Office 365, NeoGov, OakWiFi, the City's website, and more. Only computers were taken offline from the City network to contain the attack.

Play ransomware hits A10 Networks
California-based A10 Networks, a networking hardware manufacturer, was targeted by the Play ransomware operators. Hackers accessed its IT infrastructure and compromised data related to human resources, finance, and legal functions. The company claimed that the incident has not compromised any of its products or solutions, or any customer information.

Pepsi Bottling Ventures blurts out sensitive data
Unknown hackers hijacked the networks of Pepsi Bottling Ventures LLC and deployed information-stealing malware to harvest sensitive data from its IT systems. According to the firm, full names, addresses, financial information (such as passwords, PINs, and access numbers), SSNs, passport data, State and Federal government-issued ID numbers and driver's license numbers, and more were impacted.

Top Malware Reported in the Last 24 Hours

DarkBit - New ransomware threat
A new ransomware group calling itself DarkBit has hit Technion - Israel Institute of Technology. It has demanded 80 BTC, roughly $1,745,200, to release the decryptor to one of Israel's leading research universities. The hacker group portrays its activities as hacktivism, but security researchers concluded that the group's motives seem multi-faceted.

AsyncRAT uses Windows Help file
Experts at ASEC verified that APT campaigns are increasingly using Windows Help files (*.chm) to distribute AsyncRAT, an open-source RAT publicly available on GitHub. Keylogging, remote shell, and anti-VM checks are some of its standard features. The strings it needs for malicious C2 and porting behavior are also present, but they are stored encrypted.

Top Vulnerabilities Reported in the Last 24 Hours

10 days, 130 victims
The Clop ransomware group claimed to have successfully infected more than 130 organizations by abusing a zero-day in Fortra's GoAnywhere MFT secure file transfer solution. The bug, tracked as CVE-2023-0669, is an RCE issue. The company issued a patch and urged organizations using the software to apply it immediately. The hackers, who did not share proof, said they did it in just ten days.

Top Scams Reported in the Last 24 Hours

DHL and MetaMask phishing scam
Email inboxes of Namecheap subscribers started to receive phishing messages last week in an attempt to dupe them into disclosing personal data or their crypto wallets' recovery phrases. Scammers impersonated DHL and MetaMask in their campaigns. Namecheap said that its own systems had not been compromised and that the upstream third-party system it uses to send emails was responsible for the campaign.

Posted on: February 13, 2023