Go to listing page

Cyware Daily Threat Intelligence, June 11, 2021

Cyware Daily Threat Intelligence, June 11, 2021

Share Blog Post

A DDoS extortion group has blazed back on the cybercrime scene. Fancy Lazarus, known for masquerading as various APT groups, has launched a series of DDoS extortion attacks on U.S. companies with an aim to ramp up its revenue. The attacks are carried out through phishing emails that threaten recipients of crippling their businesses if the asked ransom is not paid.

Another APT group called BackdoorDiplomacy has been linked with a new campaign that uses a custom variant of the Quarian backdoor, named Turian. The group has been targeting removable media to exfiltrate data.

Top Breaches Reported in the Last 24 Hours

Edward Don hit
Foodservice supplier Edward Don has suffered a ransomware attack that forced the company to shut down a portion of its network. As a result, there was an email outage. Although it is not clear what ransomware has been used in the attack, it is believed that the company may have been infected by the QBot trojan based on the adversarial visibility.

Update on CD Projekt Red attack
CD Projekt Red is still struggling with the ransomware attack that occurred in February. According to the latest statement, the studio stated that internal data stolen during the hack is being circulated online. The files may include details on current and former employees and contractors, along with data related to its games.

DDoS extortion attack
Fancy Lazarus APT is behind a series of DDoS extortion attacks against several organizations in the U.S. The attack campaign begins with a phishing email that asks for two BTC in ransom if companies want to avoid DDoS attacks.

Hacker breach Electronic Arts
Hackers breached Electronic Arts (EA) and stole some source code and game-related tools, including that of FIFA 21. Early investigation reveals that no player data has been accessed.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable SIP protocol
The SIP communication protocol is impacted by an XSS flaw that can be abused to compromise users’ browser sessions. This can further enable attackers to launch phishing attacks or deploy malware.

Samsung patching multiple flaws
Samsung is working on patching multiple vulnerabilities that could be abused for spying or taking full control of the systems. These flaws are discovered in Samsung’s pre-installed Android apps. Some of these issues have already been patched in May. Users are advised to apply the latest firmware updates to avoid potential security risks.

SonicWall VPN flaw exploited
Malicious hackers are exploiting an old security flaw in SonicWall VPN devices to compromise SRA 4600 appliances. The flaw in question is CVE-2019-7481, for which the PoC has been released to the public. Users can prevent the attack by updating the firmware to the latest versions.

Linux bug 
Unprivileged attackers can exploit an unauthenticated bypass vulnerability in the polkit auth system service installed on many modern Linux distributions to access a root shell. The flaw is tracked as CVE-2021-3560 and a fix for the same has been released on June 3, 2021.


fancy lazarus
cd projekt red
quarian backdoor
turian backdoor

Posted on: June 11, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite