Go to listing page

Cyware Daily Threat Intelligence, February 24, 2021

Cyware Daily Threat Intelligence, February 24, 2021

Share Blog Post

Looks like botnet operators are in a no-nonsense mood as a new evasion technique comes under the lens of researchers. The technique that involves the abuse of Bitcoin blockchain transactions for C2 communications, has been harnessed by attackers in a long-running cryptocurrency mining campaign.

Talking more on emerging threats, a new version of MINEBRIDGE trojan with enhanced TTPs and social engineering lure has also expanded the attack scope for its creators. Meanwhile, the Clop ransomware gang is back in the headlines for leaking the data stolen from aerospace giant Bombardier.

Top Breaches Reported in the Last 24 Hours

France warns of stolen credentials
French authorities are warning the country’s healthcare sector of the discovery of stolen credentials, apparently belonging to hospital workers. The credentials are put for sale on the dark web. The origin of the leak is still unclear.

Bombardier’s data leaked
The Clop ransomware gang has leaked online the screenshots of blueprints allegedly stolen from aerospace giant Bombardier. The gang had abused the vulnerability in the Acellion’s legacy file-transfer software to gain access to the networks of Bombardier.

Top Malware Reported in the Last 24 Hours

Researchers have detected a new variant of MINEBRIDGE RAT that includes new TTPs and social engineering lure. The malware, which is linked to the TA505 threat actor group, uses a job resume theme to attract recipients.

Botnet leverages blockchain transaction
A botnet used for cryptocurrency mining activities is abusing Bitcoin blockchain transactions to stay under the radar. As a part of the campaign, the threat actors have been found abusing remote code execution vulnerabilities (CVE-2015-1427 and CVE-2019-9028) in Hadoop Yarn and Elasticsearch.

Malicious Flash Player app
A Flash Player app that has reached its end of life has been found distributing Adware on Chinese users’ phones. The app is available on flash[.]cn website.

Top Vulnerabilities Reported in the Last 24 Hours

SonicWall issues patches
SonicWall has released a new set of firmware patches for its SMA 100 series products, which provide workers with remote access to internal resources. The release is an update to a previous alert that can allow a remote attacker to take control of an affected system.

Flawed virtual event platforms
Several flaws and misconfiguration issues found in VFairs and 6Connex virtual event platforms had exposed job seekers’ identities and social media profiles. Among the issues identified are information disclosure, direct access to databases, and potential remote code execution.

Keybase resolves a flaw
Keybase has resolved a security flaw in the messaging client that could have resulted in the compromise of the private data of users. Tracked as CVE-2021-23827, the bug is described as an issue that allows attackers to obtain potentially sensitive media in the cache and uploadtemps directories.

Vulnerable Node.js library
Node.js library is vulnerable to a high severity command injection vulnerability tracked as CVE-2021-21315. The flaw impacts the ‘systeminformation’ npm packagecomponent and has been fixed in version 5.3.1.

VMware addresses flaws
VMware has addressed multiple critical remote code execution flaws found in its ESXi and vSphere Client virtual infrastructure management platform. The flaws could have enabled attackers to execute arbitrary code and take control of systems. Identified with CVE-2021-21972, the flaw has a CVSS score of 9.8.


clop ransomware gang
minebridge rat
minebridge trojan
bitcoin blockchain transactions

Posted on: February 24, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite