Cyware Daily Threat Intelligence, September 13, 2021

The threat landscape is constantly evolving and threat actors show no signs of slowing down. A two-year-old spam campaign associated with the notorious APT-C-36 threat actor group has been revamped to distribute another malware, dubbed BitRAT, as the final payload. Researchers’ telemetry shows that the campaign has affected organizations in the financial, healthcare, and government sectors across South America.

Separately, the old-school phishing email attack vector was used in another cyberespionage campaign spreading a new variant of the Dridex trojan. Meanwhile, the North Korean threat actor group Kumsong 121 used the same attack vector to trick computer and phone users into sharing their sensitive details.

Top Breaches Reported in the Last 24 Hours

Olympus targeted
Japanese technology manufacturer Olympus has become the latest victim of a BlackMatter ransomware attack. The attack affected business units in Europe, the Middle East, and Africa. It occurred on September 8.

Kumsong 121 attacks users
The North Korean threat actor group Kumsong 121 has been spotted launching a cyberattack campaign targeting computer and mobile users. The campaign first approaches victims on social media platforms and then follows up with phishing emails to trick them into downloading malicious documents. The ultimate goal of the attack is to pilfer users' private information.

NYS Excelsior app loophole
New York users are being urged to update the NYS Excelsior Pass app, as a flaw in it can allow attackers to create and store fake COVID-19 vaccine credentials. The issue can be used as a possible attack vector against the application and the system in general.

Government agency attacked
A ransomware attack has crippled the email and bail services at the Department of Justice and Constitutional Development of South Africa. However, the department claims that no data has been exfiltrated during the attack. 

Update on Puma security breach
The latest update reveals that hackers stole source code for an internal application in the recent attack on Puma. The company confirmed that no consumer or employee data was affected in the breach.

Top Malware Reported in the Last 24 Hours

New Dridex variant
A new variant of the Dridex trojan is being distributed in the wild via phishing emails with malicious Excel attachments. In addition to its data-stealing capabilities, the new variant uses multiple anti-analysis techniques to evade detection.

BitRAT spotted
Researchers have uncovered a new spam campaign that distributes BitRAT. Associated with the APT-C-36 aka Blind Eagle threat actor group, the campaign is targeted against organizations in South America. The campaign is propagated via phishing emails that pretend to be from Colombia’s national directorate of taxes and customs, Dirección de Impuestos y Aduanas Nacionales (DIAN).

Top Vulnerabilities Reported in the Last 24 Hours

WordPress 5.8.1 fixed
WordPress has fixed three security vulnerabilities in version 5.8.1. Two of these flaws are a data exposure issue involving the REST API and a cross-site scripting flaw in the block editor. These vulnerabilities affect WordPress versions between 5.4 and 5.8.

Citrix issues security patches
Citrix has released patches for several vulnerabilities found in Citrix Hypervisor. The most severe of these flaws is tracked as CVE-2021-28697, which has a CVSS score of 7.8. Other significant flaws include a page-mapping issue and a privilege escalation issue.

Posted on: September 13, 2021