
Cyware Daily Threat Intelligence, March 14, 2023

One malware family, no significant retooling in the past three years, yet hundreds of intrusions. Meet Makop ransomware! Its operators kicked off their mission in 2020 and initially built the operation on a variant of the Phobos ransomware. It is a human-operated ransomware operation, with hands-on-keyboard criminals involved even at the encryption stage. Separately, a highly targeted attack campaign abusing a zero-day in Fortinet products was observed in the wild. The campaign is said to be focused on governmental targets. The vulnerability impacts a range of FortiOS versions, so users must take note.

Have you noticed? Over time, phishing kits have evolved into a serious threat to your security posture. Along the same lines, the security team at Microsoft highlighted high-volume phishing campaigns sending millions of emails per day through an AiTM phishing kit.

Top Breaches Reported in the Last 24 Hours

Nearly $200 million stolen
Digital adversaries swindled about $197 million in cryptocurrency from crypto lending platform Euler Finance. Blockchain monitoring firm PeckShield brought attention to the incident, which was in fact a series of transactions implying an ongoing attack on the victim firm. According to sources, the incident marks the 26th largest crypto theft ever.

Data of dead in wrong hands
The Department of Health, Hawaii, suffered a breach of close to 3,400 death records after a hacker obtained network access to the state’s death registry. However, death certificates were not accessed in the incident. The department has warned families of recently deceased individuals and urged them to beware of cybercriminals approaching about unsettled matters such as accounts, estates, insurance claims, or Social Security survivor benefits.

Personal data of millions exposed
A breach incident at Zoll, a medical device maker, has impacted over one million people. A hacker was able to access personal details such as names, dates of birth, addresses, and SSNs. Zoll detected unusual activity on its internal network on January 28. Zoll alleges that a vendor inadvertently left an email server exposed during a server migration process, leading to the breach.

Top Malware Reported in the Last 24 Hours

Makop, an underrated threat
Cybersecurity researcher Luca Mella shared technical insights on the Makop ransomware, which attains persistence through dedicated .NET tools. To access victim networks, the gang makes use of internet-facing bugs and exposed remote administrative services. The operators began their criminal enterprise in 2020 using a variant of the Phobos ransomware.

Fake ChatGPT browser extension
Guardio Labs unearthed a Chrome extension that was pilfering Facebook account details and deploying backdoors under the guise of offering rapid access to advanced ChatGPT capabilities. Attackers promoted it through sponsored posts on Facebook to onboard unsuspecting victims quickly. It could steal authorized active session cookies and more.

Top Vulnerabilities Reported in the Last 24 Hours

Fortinet zero-day abused
An unknown cybercriminal group was found abusing a security flaw in Fortinet FortiOS software. The bug in question, tracked as CVE-2022-41328, is a path traversal flaw that allows an attacker arbitrary code execution access. Further exploitation of the bug may result in data loss and OS and file corruption. The flaw affects FortiOS versions 6.0, 6.2, 6.4.0 through 6.4.11, 7.0.0 through 7.0.9, and 7.2.0 through 7.2.3.
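
Because the affected versions are spelled out, a defender can script the inventory triage. The following is an added example, not code from Cyware or Fortinet; it encodes only the ranges listed above (treating 6.0 and 6.2 as whole branches, since no patch bound is given for them), assumes dotted version strings such as "7.0.9", and should be cross-checked against the vendor advisory before use.

```python
"""Affected-version check for CVE-2022-41328, using the ranges quoted in the digest."""

# (branch, lowest affected patch, highest affected patch).
# None for the patch bounds means the whole branch is listed as affected.
AFFECTED_RANGES = [
    ((6, 0), None, None),   # "6.0" listed without a patch range
    ((6, 2), None, None),   # "6.2" listed without a patch range
    ((6, 4), 0, 11),        # 6.4.0 through 6.4.11
    ((7, 0), 0, 9),         # 7.0.0 through 7.0.9
    ((7, 2), 0, 3),         # 7.2.0 through 7.2.3
]


def parse_version(text):
    """Turn '7.0.9', 'v7.0.9' or '6.2' into a (major, minor, patch) tuple."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    nums = [int(p) for p in parts]
    if len(nums) == 2:          # bare branch, e.g. '6.2' -> (6, 2, 0)
        nums.append(0)
    return tuple(nums)


def is_affected(version):
    """True if the version falls inside one of the ranges quoted in the digest."""
    major, minor, patch = parse_version(version)
    for branch, lo, hi in AFFECTED_RANGES:
        if (major, minor) != branch:
            continue
        if lo is None:          # whole branch listed as affected
            return True
        return lo <= patch <= hi
    return False                # branch not mentioned, e.g. 7.4.x


def triage(inventory):
    """Return the (hostname, version) pairs from a constructed inventory that need patching."""
    return [(host, ver) for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("fw-edge-1", "7.2.3"), ("fw-edge-2", "7.2.4"), ("fw-lab", "v6.2.12")]
    for host, ver in triage(sample):
        print(f"{host}: FortiOS {ver} is in an affected range")
```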

Over a hundred flaws addressed
More than 100 vulnerabilities have been fixed by Siemens and Schneider Electric with the release of their March 2023 Patch Tuesday security advisories. A total of 65 bugs affecting components such as the Linux kernel, OpenVPN, BusyBox, and OpenSSL were patched in Ruggedcom and Scalance products. Devices running Siprotec 5 received a patch for a serious DoS flaw impacting Wind River VxWorks.

Top Scams Reported in the Last 24 Hours

Auction platforms under attack
The Criminal Investigation Bureau, Taiwan, disclosed that customers are most likely to fall victim to scams on two Singapore-based online auction marketplaces, namely Shopee and Carousell. The agency said that scammers ran phishing attacks on these platforms aimed at harvesting the personal or business information of customers in order to carry out transactions. Officials warned that the platforms have no dedicated security team in the country to assist victims in case of a successful hack.

Massive email campaigns via phishing kits
Microsoft Threat Intelligence stumbled across an open-source adversary-in-the-middle (AiTM) phishing kit that furthers the ability of hackers to launch organized attacks and to scale them. The threat actor behind the kit is being tracked under the moniker DEV-1101. The kit’s features include setting up landing pages impersonating Microsoft Office and Outlook platforms. It lets attackers manage campaigns from mobile devices and even bypass CAPTCHA barriers.

Posted on: March 14, 2023