
Cyware Daily Threat Intelligence, May 28, 2021


While the victims of the SolarWinds supply chain attack are still dealing with the aftermath, the threat actors behind the hack are back with a new wave of attacks. This time, the Nobelium APT group is taking aim at government agencies tied with USAID to take control of their email accounts. So far, around 3,000 email accounts at more than 150 different organizations have been targeted as a part of the campaign.

Users should move to updated Pulse Secure VPN products without delay, as four new malware families—Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse—have been found targeting them. In other news, a trojanized AnyDesk remote desktop application is tricking users into handing over their system information.

Top Breaches Reported in the Last 24 Hours

New phishing campaign
The Nobelium APT group is conducting a phishing campaign impersonating USAID to take control of accounts linked to government agencies, think tanks, consultants, and non-government organizations. The campaign has so far targeted around 3,000 accounts across 24 countries.

Klarna bank app leaks data
A design flaw in Klarna Bank allowed mobile app users to log into other customer accounts and view their stored information. The exposed data included names, mobile numbers, bank accounts, purchases, and credit cards.

Canada Post data breach
A malware attack on one of Canada Post’s suppliers has affected 44 of the company’s large business clients and their 950,000 customers. The information affected is from July 2016 to March 2019. Ninety-seven percent of the compromised data includes names and addresses of customers.

Top Malware Reported in the Last 24 Hours

Four new malware discovered
Researchers have discovered four new malware families designed to compromise Pulse Secure VPN products: Bloodmine, Bloodbank, Cleanpulse, and Rapidpulse. The vulnerabilities targeted in these attacks are CVE-2021-22893, CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243, which can be used to establish persistence on vulnerable appliances and further compromise devices.

Trojanized AnyDesk
Cybersecurity experts tracked down a clever malvertising network that leveraged Google search ads to deliver a weaponized AnyDesk installer. The campaign, launched on April 21, 2021, was used to collect and exfiltrate system information.

Top Vulnerabilities Reported in the Last 24 Hours

Fortinet vulnerabilities exploited
The FBI has issued an alert following a cyberattack on a local government office that occurred earlier this month. The attackers had gained access to devices on ports 4443, 8443, and 10443 by exploiting Fortinet vulnerabilities. The flaws were identified as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5991.

HPE fixes a critical zero-day flaw
HPE has released a security update to address a zero-day vulnerability in its Systems Insight Manager (SIM) software that was disclosed last year. The flaw is tracked as CVE-2020-7200 and affects version 7.6.x of the software.

Siemens issues an advisory
Siemens has released an advisory about five high-severity vulnerabilities affecting its Solid Edge product. The flaws are introduced by fourth-party software that is also used by many other organizations. Four of these flaws are related to memory corruption issues.


Posted on: May 28, 2021
