Go to listing page

Cyware Daily Threat Intelligence, January 27, 2023

Cyware Daily Threat Intelligence, January 27, 2023

Share Blog Post

The threat of cyberattacks motivated by geopolitical affairs has grown in recent years. One Russian hacker group known for such attacks has now targeted German airports, public administration, and financial institutions with DDoS attacks. Meanwhile, the BlackCat ransomware gang has continued its marauding run of attacks by claiming to breach an explosives manufacturer and allegedly stealing sensitive military data. 

In other news, the malware landscape is evolving constantly with new threats popping up daily and some known threats getting dismantled. In the last 24 hours, researchers reported the emergence of a new ransomware strain named Mimic. On the other hand, the FBI, Europol, and other law enforcement agencies took down a long-standing threat in the form of Hive ransomware.  

Top Breaches Reported in the Last 24 Hours

Killnet targets Germany
The notorious Russian hacker group Killnet launched a new wave of DDoS attacks against German organizations. The targeted entities include German airports, public administration bodies, and financial sector organizations. Germany’s Federal Cyber Security Authority (BSI) said these attacks rendered some websites unavailable.

Mental health institutions hacked
Lately, two U.S. mental healthcare providers, Lutheran Social Services of Illinois and North Carolina-based Mindpath Health, disclosed suffering breaches due to a ransomware attack and an email hacking incident, respectively. The former incident affected nearly 184,000 individuals whereas the latter impacted nearly 194,000 people.

Explosives manufacturer hit by BlackCat
The BlackCat Ransomware gang added Solar Industries India, an industrial explosives manufacturer, to the list of victims published on its Tor leak site. The gang claimed to have infiltrated the company’s infrastructure and stolen 2TB of data that was put up for auction on its site. This allegedly includes secret military data related to weapons production.

Top Malware Reported in the Last 24 Hours

New Windows ransomware threat
Researchers at Trend Micro discovered a new ransomware strain, dubbed Mimic, that utilizes the 'Everything' file search tool on Windows to discover files to be targeted for encryption. English and Russian-speaking users are the prime targets. The ransomware supports command-line arguments to narrow down encryption targets. It also makes use of multi-threaded execution to speed up the data encryption process.

Hive ransomware taken down
The FBI, in cooperation with Europol and other law enforcement agencies across 10 countries, completed a months-long operation to take down the notorious Hive ransomware group. The operation blocked $130 million in ransom payments to the group and resulted in the seizure of the Hive leak site.

PlugX variants infect USB devices 
Security researchers have uncovered a PlugX malware sample that comes with updated propagation capabilities, including the ability to infect attached removable USB media devices.
Notably, this variant of PlugX also uses a Unicode character called non-breaking space (U+00A0) to hide files in a USB device plugged into a workstation.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerability in Ruby on Rails apps
Positive Security warned that Ruby on Rails applications using for object-based search could be vulnerable to data theft. Many websites invoke the Ransack search function with unrestricted user input as parameters. This type of integration of the library can result in data theft or even takeover of administrator accounts.

RCE flaw in Lexmark printers
More than 100 printer models made by Lexmark are affected by a server-side request forgery (SSRF) vulnerability that could allow attackers to gain foothold on networks, expose sensitive documents, or obtain network credentials. Lexmark patched the vulnerability, CVE-2023-23560, through a firmware update.

Top Scams Reported in the Last 24 Hours

Phishing campaign against Bitwarden users
A number of phishing campaigns are abusing Google Ads to target users of Bitwarden and other password managers. The scammers use spoofed websites promoted via search ads to steal users’ password vault credentials.


killnet group
ruby on rails
plugx malware
blackcat ransomware
mindpath health
ransack library
german airports
mimic ransomware
lexmark printers
hive ransomware
lutheran social services
solar industries india

Posted on: January 27, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite