
Cyware Daily Threat Intelligence, February 27, 2023


A new evasion technique used by PlugX has come to light. In its latest campaign, the trojan hides behind a legitimate Windows debugger tool, an approach that may let adversaries bypass file execution restrictions and maintain persistence. Sometimes patching one security hole leaves another open. In a related case, a security researcher showed that a Chromium bug, now patched, let him bypass SameSite cookie restrictions and the Sec-Fetch-Site header in Android browsers, clearing the way for CSRF attacks. Reportedly, no easy fix is available.

Moving on, major media conglomerate News Corp has shared fresh updates on a network intrusion by an unidentified cybercriminal group that lasted for about two years. Researchers at Mandiant, however, point toward the involvement of a Chinese group.

Top Breaches Reported in the Last 24 Hours

Russian websites defaced
On the one-year anniversary of the Russian invasion of Ukraine, the hacker group CH01 defaced at least 32 Russian websites in protest. On the defaced sites, the hackers posted a video depicting the Kremlin burning. How the hacktivists gained access to the websites is not yet known.

A two-year-long breach
News Corp, the mass media and publishing giant, disclosed a data breach that exposed the personal data and PHI of several employees during an intrusion that went undetected for about two years. The compromised data include names, SSNs, driver's license numbers, passport and financial data, and medical and health insurance information. The breach affected multiple news arms of the conglomerate, including the New York Post, The Wall Street Journal, and its U.K. news operations.

Hospitals in Denmark targeted
A massive DDoS attack crippled the websites of nine hospitals in Denmark. The attack was launched by a cybercriminal group calling itself Anonymous Sudan. The group was allegedly “created as part of a Russian information operation to harm and complicate Sweden’s NATO application.” There’s no evidence that the attack campaign was sponsored by any government.

Top Malware Reported in the Last 24 Hours

PlugX RAT gets a revamp
The PlugX RAT has resurfaced disguised as an open-source Windows debugger utility in a bid to slip past security controls and take over target systems. The operators rely on DLL side-loading: x32dbg.exe, a legitimate debugger executable, is abused to load a malicious DLL placed alongside it, so the malicious code runs under the cover of a trusted process. Because the host binary is trusted, this can bypass security tools and give the attackers a foothold for persistence, privilege escalation, and further malicious activity.
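A practical way to hunt for the pattern described above is to look at image-load telemetry for a trusted host binary that is running from an unexpected location or pulling an unsigned DLL from its own directory. The script below is an added example, not code from this digest, from PlugX, or from the x64dbg project. It assumes Sysmon Event ID 7 (image load) records reduced to Python dicts with the field names shown, the expected install directories for the debugger are assumed for illustration, and the sample events (including the placeholder DLL name `helper.dll`) are constructed rather than real telemetry.

```python
"""Heuristic detection of DLL side-loading behind a trusted host binary.

Added example, not code from the Cyware digest, from PlugX, or from the x64dbg
project. It assumes Sysmon Event ID 7 (image load) records reduced to dicts
with the field names used below; the sample events are constructed.
"""
from pathlib import PureWindowsPath

# Host binaries to watch. x32dbg.exe is the one the digest names; the set is an
# assumption you would extend from your own side-loading intelligence.
WATCHED_HOSTS = {"x32dbg.exe"}

# Directories where the legitimate debugger is expected to run. Assumed paths
# for this example; derive the real ones from your software inventory.
EXPECTED_HOST_DIRS = {
    r"c:\program files\x64dbg\release\x32",
    r"c:\program files\x64dbg\release\x64",
}


def _parent_dir(path):
    """Lower-cased directory part of a Windows path, independent of host OS."""
    return str(PureWindowsPath(path).parent).lower()


def is_validly_signed(event):
    """Sysmon reports Signed=true and SignatureStatus=Valid for a trusted image."""
    return (event.get("Signed", "false").lower() == "true"
            and event.get("SignatureStatus", "").lower() == "valid")


def side_load_reason(event):
    """Return a short reason if the image load looks like side-loading, else None."""
    host = PureWindowsPath(event["Image"])
    if host.name.lower() not in WATCHED_HOSTS:
        return None
    host_dir = _parent_dir(event["Image"])
    dll_dir = _parent_dir(event["ImageLoaded"])
    reasons = []
    if host_dir not in EXPECTED_HOST_DIRS:
        reasons.append("host binary running outside its expected install directory")
    # The classic side-load: the loader resolves a DLL name from the
    # executable's own directory before the system directories.
    if host_dir == dll_dir and not is_validly_signed(event):
        reasons.append("unsigned or invalid-signature DLL loaded from the host's own directory")
    return "; ".join(reasons) or None


def scan(events):
    """Return [(host, dll, reason)] for every event that trips the heuristic."""
    hits = []
    for ev in events:
        reason = side_load_reason(ev)
        if reason:
            hits.append((ev["Image"], ev["ImageLoaded"], reason))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # legitimate debugger loading a Windows system DLL: benign
        "Image": r"C:\Program Files\x64dbg\release\x32\x32dbg.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # a copy dropped into a user-writable directory loading an unsigned DLL
        # from beside it: the side-loading pattern (placeholder DLL name)
        "Image": r"C:\Users\Public\Libraries\x32dbg.exe",
        "ImageLoaded": r"C:\Users\Public\Libraries\helper.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
    {   # unrelated process: not a watched host, ignored
        "Image": r"C:\Windows\System32\notepad.exe",
        "ImageLoaded": r"C:\Windows\System32\helper.dll",
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
]

if __name__ == "__main__":
    for host, dll, reason in scan(SAMPLE_EVENTS):
        print(f"{host} -> {dll}: {reason}")
```

The heuristic deliberately keys on the host binary rather than on any specific DLL name, since the malicious library can be renamed freely while the trusted executable must keep the name the operators want it to have. Tune `WATCHED_HOSTS` and `EXPECTED_HOST_DIRS` to your environment before relying on it.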

Top Vulnerabilities Reported in the Last 24 Hours

Android browser security at risk
Security researcher Axel Chong reported that a recently patched bug in the Chromium project allowed him to bypass the SameSite cookie attribute in Android browsers; SameSite restricts when a browser attaches cookies to cross-site requests. In the same fashion, the white hat hacker also bypassed the Sec-Fetch-Site header, which tells a server where a request originated so that it can refuse cross-origin access to its resources. Because web applications commonly rely on these two mechanisms to block CSRF, both bypasses can allow an attacker to mount CSRF attacks.
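The practical takeaway from a bypass like this is that neither SameSite cookies nor Sec-Fetch-Site should be the only thing standing between an attacker and a state-changing request. The following is an added example, not part of this digest or of the researcher's work, showing a server-side authorization check layered in the usual order: a Fetch Metadata policy first, then a per-session synchronizer token. It models a request as a dict of lower-cased headers and parsed form fields, and models a SameSite bypass simply by handing every scenario the same server-side session (the cookie arrived, so the session was found). The scenario names, the `helper` request builder and the spoofed header value are assumptions for illustration; the browser-side bypass itself is not reproduced.

```python
"""CSRF defence in depth: Fetch Metadata policy plus a synchronizer token.

Added example, not from the Cyware digest or the researcher's write-up.
Requests are modelled as dicts; the session dict stands in for the
server-side session that a (bypassed) SameSite cookie would resolve to.
"""
import hmac
import secrets

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


def fetch_metadata_allows(headers, method):
    """Resource isolation policy built on Sec-Fetch-* headers.

    Allows same-origin, same-site and user-initiated requests, and safe
    top-level navigations; blocks other cross-site requests. A request with
    no Sec-Fetch-Site header is allowed because older browsers never send it,
    which is exactly why this check cannot be the only line of defence.
    """
    site = headers.get("sec-fetch-site")
    if site is None:
        return True
    if site in ("same-origin", "same-site", "none"):
        return True
    if (method == "GET"
            and headers.get("sec-fetch-mode") == "navigate"
            and headers.get("sec-fetch-dest") not in ("object", "embed")):
        return True
    return False


def issue_csrf_token(session):
    """Mint a random token, store it server-side, and return it for the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session, submitted):
    """Constant-time comparison of the submitted token with the session's."""
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def authorize_state_change(request, session):
    """Return (allowed, reason) for a request that would change server state.

    Layer 1 is the Fetch Metadata policy; layer 2 is the synchronizer token.
    A cross-site request that gets past layer 1 (header absent or altered)
    still fails layer 2, because the same-origin policy stops the attacker's
    page from reading the token out of the victim's form.
    """
    method = request["method"].upper()
    if method in SAFE_METHODS:
        return True, "safe method"
    if not fetch_metadata_allows(request["headers"], method):
        return False, "blocked by Sec-Fetch-Site policy"
    submitted = request.get("form", {}).get("csrf_token")
    if not csrf_token_valid(session, submitted):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def run_scenarios():
    """Constructed requests against one session, as if the cookie were sent cross-site."""
    session = {}
    token = issue_csrf_token(session)

    def post(headers, form):
        return {"method": "POST", "headers": headers, "form": form}

    scenarios = {
        # genuine form submission from the site's own page
        "legit": post({"sec-fetch-site": "same-origin"}, {"csrf_token": token}),
        # attacker page, browser reports the truth: stopped by layer 1
        "cross_site_honest_header": post({"sec-fetch-site": "cross-site"}, {}),
        # attacker page, header never arrives: layer 1 passes, layer 2 stops it
        "cross_site_header_missing": post({}, {}),
        # attacker page, header altered and token guessed: layer 2 stops it
        "cross_site_header_spoofed": post({"sec-fetch-site": "same-origin"},
                                          {"csrf_token": "guess"}),
    }
    return {name: authorize_state_change(req, session) for name, req in scenarios.items()}


if __name__ == "__main__":
    for name, (allowed, reason) in run_scenarios().items():
        print(f"{name:28s} allowed={allowed} ({reason})")
```

Only the first scenario succeeds. The two bypass scenarios are rejected at the token layer even though the Sec-Fetch-Site check let them through, which is the property you want when a browser-side control is found to be circumventable and no quick fix is on offer.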


Posted on: February 27, 2023
