Cyware Daily Threat Intelligence, March 17, 2021

While the cyber world is still reeling from the effects of recent large-scale supply-chain hacks, more conventional attack campaigns continue to resurface. Now, security researchers have discovered a cyber espionage campaign dubbed Operation Diànxùn that was found targeting numerous telecommunications providers across Southeast Asia, Europe, and the U.S.

In a bid to further their malicious operations, cybercrime groups are busy upgrading their arsenal. A new variant of Mirai botnet was found exploiting vulnerabilities in SonicWall SSL-VPN, D-Link DNS-320 firewall, Netgear ProSAFE Plus, Netis WF2419 wireless router, and other IoT devices. In other news, the FBI has warned of PYSA ransomware attacks against educational institutions in the U.K and the U.S.

Mimecast revealed that SolarWinds attackers broke into its internal network and downloaded source code from a limited number of repositories. The attackers, moreover, gained access to a subset of email addresses, salted and hashed credentials, and contact info.

An espionage campaign dubbed Operation Diànxùn has been identified by the McAfee Advanced Threat Research Strategic Intelligence team. The attack tactics match those of RedDelta and Mustang Panda threat actors. The campaign is actively targeting telecommunication firms and the goal is suspected to be gaining access to covert information related to 5G technology. 

South and City College Birmingham (SCCB) closed all eight of its campuses after a massive ransomware attack disabled its IT systems. All 13,000 students were informed about online lectures and have been asked to stay away from college campuses.

A threat actor leaked data, including customer and payment information, from the WeLeakInfo data breach site and published it on another hacker forum - RaidForums. The now-defunct website contained around 12.5 billion user records, including names, email addresses, phone numbers, addresses, and passwords. 

The FBI has warned of PYSA ransomware attacks against educational institutions in the U.K and the U.S. The flash alert was released in coordination with DHS-CISA and offers IoCs to defend against the threat.

Unit 42 researchers discovered a new variant of Mirai botnet attacking SonicWall SSL-VPN, D-Link DNS-320 firewall, Netgear ProSAFE Plus, Netis WF2419 wireless router, and other IoT devices. Some of the vulnerabilities exploited by the malware are tracked as CVE-2020-25506, CVE-2020-26919, and CVE-2019-19356, among others.

DuckDuckGo has fixed a universal XSS flaw in a popular browser extension—DuckDuckGo Privacy Essentials—for Firefox and Chrome. This flaw could allow attackers to execute arbitrary code on any domain.

A phishing scam has been spotted to lure Indian users into disclosing personal and banking information. The targeted banks include ICICI, State Bank of India, HDFC, Punjab National Bank, and Axis Bank. The links have been found to be originating from France and the U.S.