Cyware Daily Threat Intelligence, November 14, 2022

While examining recent attacks, a Ukrainian cybersecurity agency stumbled upon a new ransomware strain, dubbed Somnia. Reportedly, the criminals breached victims’ networks with the help of an access broker that used data-stealing malware to capture the victims’ Telegram session data. Staying with malware, a versatile bot called KmsdBot was observed in the wild targeting luxury car brands, gaming firms, and security firms; SSH services protected by weak login credentials are susceptible to its attacks.

What’s more, a fake extortion scam is doing the rounds in which scammers threaten to leak “stolen” data unless website owners pay a ransom. Potential victims are being warned not to fall for it.

Top Breaches Reported in the Last 24 Hours

Hackers drained $600 million from FTX
Several wallets belonging to the crypto exchange FTX were compromised to pilfer about $600 million, with the transfers visible on the blockchain tracker Etherscan. Users have been urged to delete the FTX apps and avoid its website. The exchange filed for bankruptcy on Friday after a wave of withdrawals.

Deutsche Bank’s network access for sale
A threat actor on Telegram claims to have obtained access to Deutsche Bank’s network, which reportedly comprises around 21,000 machines, the majority of them Windows systems. File servers holding more than 16TB of internal data could be under the attacker’s control.

OakBend ransomware update
OakBend Medical Center, in a new disclosure about the ransomware incidents, revealed that hackers obtained the personal and medical information of up to 500,000 individuals. For many of them, the leaked data also includes Social Security numbers and birth dates. The Texas medical system has, hence, warned current and former patients to be vigilant about receiving spam messages.

Ransomware targets Canadian supermarket chain
Canada’s second-largest supermarket chain, Sobeys, fell victim to a ransomware attack allegedly conducted by Black Basta. Although payment systems were not affected, customers could face issues when processing gift cards and refilling prescriptions. The company has yet to confirm a data breach.

Bahrain elections process interrupted
Hackers targeted government websites in Bahrain on the day parliamentary and local elections were held. The government has not disclosed which websites were targeted; however, the sites of the state-run Bahrain News Agency (BNA) and Bahrain’s parliament were observed to be offline.

Top Malware Reported in the Last 24 Hours

Somnia: New ransomware against Ukraine
During an investigation into the recent series of attacks against organizations in Ukraine, CERT-UA discovered a new ransomware variant called Somnia. The government has attributed the attacks to the group ‘From Russia with Love’ (FRwL), allegedly a pro-Russian hacker group. The attackers reportedly used “Advanced IP Scanner” software as a lure that in fact contained the Vidar stealer.

Multipurpose KmsdBot malware
Akamai uncovered an evasive malware, KmsdBot, being used to target companies ranging from gaming firms to luxury car brands to security firms. It gains entry over SSH and then turns the infected system to cryptomining and launching DDoS attacks. The malware is able to control the mining process and update itself when required.

Top Vulnerabilities Reported in the Last 24 Hours

CISA warns about Zimbra bugs
Unpatched flaws in Zimbra Collaboration Suite are being abused by adversaries to launch attacks against government and private sector entities. Officials said organizations with instances exposed to the internet may assume they have been compromised, and should use the third-party detection signatures provided in the CISA advisory to identify threat activity.

Top Scams Reported in the Last 24 Hours

Extortion attempt against website owners
Website owners and admins around the world are being targeted by a handful of scammers claiming to have hijacked their servers. The scammers, self-styled Team Montesano, demand $2,500 in their email to victims, threatening to leak the stolen data, damage their reputation, and get the site blacklisted for spam.

Posted on: November 14, 2022