
25 matches found

Hive Pro Threat Advisories
added 2022/03/29 1:56 p.m. · 168 views

Weekly Threat Digest: 21 – 27 March 2022

For a detailed threat digest, download the pdf file here. Published Vulnerabilities: 340; Interesting Vulnerabilities: 10; Active Threat Groups: 5; Targeted Countries: 53; Targeted Industries: 24; ATT&CK TTPs: 84. The fourth week of March 2022 witnessed the discovery of 340 vulnerabilities out of which 10...

10 CVSS · 0.94398 EPSS
Exploits 90

Hive Pro Threat Advisories
added 2022/03/22 11:52 a.m. · 16 views

DarkHotel APT group targeting the Hospitality Industry in China

...

1.5 AI score
Exploits 0

ThreatPost
added 2022/03/18 6:53 p.m. · 216 views

DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data

An advanced persistent threat (APT) group has been targeting luxury hotels in Macao, China with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace. A threat researc...

8.7 AI score
Exploits 0 · References 4

Trellix
added 2022/03/17 12:0 a.m. · 11 views

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update. One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022. This story was also written by Thibault Seret. Introduction: Our advanced threat research team has discovered a...

7.1 AI score
Exploits 0

Trellix
added 2022/03/17 12:0 a.m. · 18 views

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update. One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022. This story was also written by Thibault Seret. Introduction: Our advanced threat research team has discovered a...

0.2 AI score
Exploits 0

The Hacker News
added 2021/12/02 11:36 a.m. · 27 views

Researchers Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. "All frameworks are designed to...

6.9 AI score
Exploits 0

ThreatPost
added 2020/12/24 4:31 p.m. · 134 views

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it. The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attack...

7.2 CVSS · 1.1 AI score · 0.16488 EPSS
Exploits 1 · References 10

ThreatPost
added 2020/10/23 5:4 p.m. · 69 views

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputnik V” COVID-19 vaccine, which is about to enter Phase 2 human...

0.4 AI score
Exploits 0 · References 6

Securelist
added 2020/08/12 7:0 a.m. · 859 views

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary: In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit f...

7.6 CVSS · 8.5 AI score · 0.93779 EPSS
Exploits 20

Schneier on Security
added 2020/05/18 11:15 a.m. · 35 views

Ramsay Malware

A new malware, called Ramsay, can jump air gaps: ESET said they've been able to track down three different versions of the Ramsay malware, one compiled in September 2019 (Ramsay v1), and two others in early and late March 2020 (Ramsay v2.a and v2.b). Each version was different and infected victims...

7.1 AI score
Exploits 0

Securelist
added 2020/04/30 11:0 a.m. · 134 views

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

7.6 CVSS · 9 AI score · 0.90696 EPSS
Exploits 1

ThreatPost
added 2020/04/06 3:55 p.m. · 88 views

Government VPN Servers Targeted in Zero-Day Attack

As the Chinese government turns to virtual private networks (VPNs) to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts...

0.9 AI score
Exploits 0 · References 14

ThreatPost
added 2020/03/24 7:16 p.m. · 57 views

WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike

The World Health Organization (WHO) has attracted the notice of cybercriminals as the worldwide COVID-19 pandemic continues to play out, with a doubling of attacks recently, according to officials there. Problematically, evidence has also now apparently surfaced that the DarkHotel APT group has tri...

0.6 AI score
Exploits 0 · References 16

ThreatPost
added 2020/01/21 2:58 p.m. · 363 views

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug (CVE-2020-0674) which is listed as critical in severity for IE 11, and moderate for IE...

7.6 CVSS · 8.1 AI score · 0.93779 EPSS
Exploits 18 · References 13

ThreatPost
added 2019/11/01 3:35 p.m. · 134 views

Google Discloses Chrome Flaw Exploited in the Wild

UPDATE: Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers. The flaw (CVE-2019-13720), discovered by security researchers Anton Ivanov and Alexey Kulaev at Kaspersky, exists in Google Chrome’s audio...

6.8 CVSS · 8.9 AI score · 0.89586 EPSS
Exploits 4 · References 18

Positive Technologies
added 2019/09/23 12:0 a.m. · 3 views

PT-2019-3377 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer (affected versions not specified). Description: A remote code execution issue exists due to the way the scripting engine handles objects in memory. This could allow an attacker to execute arbitrary code in the context of the...

7.6 CVSS · 7.2 AI score · 0.90696 EPSS
Exploits 1 · References 14

ThreatPost
added 2019/05/13 4:46 p.m. · 171 views

ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks

The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Lab shows that in ...

7.2 CVSS · 0.8 AI score · 0.94157 EPSS
Exploits 18 · References 10

ThreatPost
added 2018/08/20 4:39 p.m. · 143 views

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

Researchers have discovered that the Darkhotel APT is exploiting a recently-patched zero-day vulnerability impacting Microsoft VBScript. Researchers at Trend Micro recently disclosed the flaw in Microsoft Visual Basic Scripting Engine (VBScript), an active scripting language developed by Microsoft...

7.6 CVSS · 7.7 AI score · 0.94283 EPSS
Exploits 16 · References 6

myhack58
added 2018/08/18 12:0 a.m. · 1474 views

Analysis of Darkhotel gang-related attacks using the CVE-2018-8373 0day vulnerability

Background: On August 15, 2018, the network security company Trend Micro disclosed an in-the-wild 0day attack that it captured in July of this year. The attack uses a Windows VBScript Engine code execution vulnerability; through analysis and comparison it was found that the 0da...

7.6 CVSS · 0.5 AI score · 0.94283 EPSS
Exploits 22

Securelist
added 2018/02/20 2:0 p.m. · 617 views

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard. O...

9.3 CVSS · 8.4 AI score · 0.64998 EPSS
Exploits 4