The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution
Attack Report. Summary: SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples found in th...
Actors, Threats and Vulnerabilities 13 February to 19 February 2023
Summary: HiveForce Labs identified seven active actors over the past week. There were three prominent Russian actors, namely TA505, Nodaria, and KillNet. Additionally, three Chinese...
Multiple Fortinet products are vulnerable to unauthorized code execution flaws
Vulnerability Report. Summary: Fortinet has released security updates to rectify security weaknesses in its range of products, such as FortiWeb, FortiOS, FortiNAC, FortiProxy, and others. The most significant vulnerability...
APT Earth Kitsune delivers new WhiskerSpy malware via watering hole attack
Attack Report. Summary: Earth Kitsune, an advanced persistent threat (APT) actor known for targeting individuals interested in North Korea, as well as China, Brazil, and Japan, has been found to be using a new backdoor called...
ProxyShellMiner Exploits Windows Exchange Server Vulnerabilities for Cryptocurrency Mining
Attack Report. Summary: ProxyShellMiner exploits Windows Exchange Server vulnerabilities, which are used to gain unauthorized access and compromise an organization, leading to the installation of cryptocurrency miners...
Israel’s Technion Targeted by DarkBit Ransomware’s Campaign
Attack Report. Summary: The DarkBit ransomware is a newly emerged threat in the cybersecurity scene that has targeted Technion - Israel Institute of Technology, a prestigious academic institution in Israel. The attackers behind...
The Impact of Artificial Intelligence on Cybersecurity
Abstract: Artificial Intelligence (AI) has been a game-changer in many industries, and cybersecurity is no exception. AI has revolutionized the way organizations approach security, providing new and innovative solutions for detecting and mitigating cyber threats. However, with its increasing use, i...
Threat Exposure Management: An Overview
In recent years, the threat landscape has rapidly evolved, resulting in a growing number of cyber security incidents. This has led organizations to focus on the effective management of their threat exposure, as a means of mitigating the risk of cyber attacks. Threat exposure management is a...
New Ransomware Campaign “TZW” Linked to GlobeImposter Targets South Korean Organizations
Attack Report. Summary: A new ransomware campaign called TZW is affecting organizations in South Korea. The campaign is linked to the known malware family GlobeImposter, suggesting that the actors behind GlobeImposter are...
Dalbit Threat Actor Launches Attack Campaign Against Multiple Korean Organizations
Actor Report. Summary: Dalbit is a threat actor group that has been active since at least 2022. They have been targeting South Korean companies, with more than 50 confirmed attack attempts so far. The group relies on open-sourc...
Citrix Resolves Vulnerabilities in Virtual Apps and Workspace Apps
Vulnerability Report. Summary: Citrix Systems has addressed vulnerabilities in its Virtual Apps and Desktops, as well as Workspace Apps products, that could potentially enable attackers with local access to the target to elevat...
Red Eyes Exploits Hangul EPS Vulnerability and Steganography to Spread Malware
Attack Report. Summary: The Red Eyes group used an old vulnerability in the Hangul word processor to spread malicious code via steganography, stealing personal PC information and mobile phone data, and executing C&C commands using ...
Microsoft tackles three actively exploited zero-day vulnerabilities and several other bugs
Vulnerability Report. Summary: In February 2023's Patch Tuesday, Microsoft released a patch that addressed 75 vulnerabilities, including three zero-days. The patch addressed 12 Elevation of Privilege vulnerabilities, 2 Security...
Emerging MortalKombat Ransomware and Laplas Clipper Malware Targeting Cryptocurrency
Attack Report. Summary: An unidentified actor is using the MortalKombat ransomware and a Go variant of the Laplas Clipper malware to steal cryptocurrency from victims. This campaign aims to steal or demand ransom payments in...
New China-based Group Expands Operations to Compromise Diplomatic Targets in South America
Actor Report. Summary: The China-based cyber espionage group DEV-0147 has expanded its data exfiltration operations to include diplomatic targets in South America, in addition to targeting government agencies and think tanks in...
Revealing the Tonto Team’s Latest Hacks and Menaces
Actor Report. Summary: The Tonto Team, a Chinese hacking group, has been linked to attacks on various Asian and Eastern European organizations. In June 2022, an advanced persistent threat (APT) attempted to hack a cybersecurity...
Apple Addressed A Zero-day Vulnerability With An Emergency Security Update
Vulnerability Report. Summary: Apple has released an emergency security update to fix a zero-day vulnerability, CVE-2023-23529, that could be used to hack iPhones, iPads, and Macs. The vulnerability was found in WebKit and coul...
Russian Hacker Group Disrupts Relief Efforts for Turkey-Syria Earthquake with DDoS Attacks
Attack Report. Summary: Killnet, a Russian hacker group, disrupted relief efforts for the Turkey-Syria earthquake by carrying out DDoS attacks, taking down the websites of NATO Special Operations Headquarters and Strategic...
Actors, Threats and Vulnerabilities 6 February to 12 February 2023
Summary: Hive Pro identified three active actors over the past week. The first, OilRig, is a well-known threat actor known for its information theft and espionage activities. The secon...
Russia-linked Nodaria group employs Graphiron information stealer
Attack Report. Summary: A cyber espionage group linked to Russia, known as Nodaria, has been spotted deploying a newly created information-stealing malware named Graphiron in attacks aimed at Ukraine. The malware, coded in Go,...
Clop Ransomware Group Claims Responsibility for GoAnywhere MFT Attacks
Attack Report. Summary: The Clop ransomware group claims responsibility for recent cyber attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool. The vulnerability, now known as...
NewsPenguin Threat Actor Unleashes Malicious Attacks on Pakistani Firms
Actor Report. Summary: A recently identified adversary, referred to as NewsPenguin, has been associated with a sophisticated phishing campaign targeting Pakistani organizations. The attacker employs a highly intricate payload...
OpenSSL Releases Update to Address Several High-Severity Vulnerabilities
Vulnerability Report. Summary: The OpenSSL Project has released fixes for several security flaws, including a high-severity bug (CVE-2023-0286) that could expose users to malicious attacks. The bug is related to a type of confusi...
An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center
Vulnerability Report. Summary: A security vulnerability was found in Jira Service Management Server and Data Center versions 5.3.0 to 5.5.0 which allows an attacker to access a Jira Service Management instance by impersonating...
Chrome 110 Tackles a Collection of Security Weaknesses
Vulnerability Report. Summary: Google Chrome version 110 is now being rolled out to the stable channels for Windows, Mac, and Linux users. This update includes bug fixes and improvements, specifically addressing security issues...
The SteelClover Group is Spreading Malware via Google Ads in Japan
Attack Report. Summary: SteelClover is a malicious attack group that has been active since 2019 and has been observed to conduct various attacks for financial gain. SteelClover recently saw a rise in malware downloading inciden...
Trigona Ransomware’s Rampant Threat to Businesses
Attack Report. Summary: Trigona has gained momentum lately due to its utilization of the double-extortion technique of encrypting crucial assets within an organization, including endpoints and infrastructure, and demanding...
Linux Variant of Cl0p Ransomware Discovered with Flawed Encryption Algorithm
Attack Report. Summary: A new variant of the Cl0p ransomware for Linux has been discovered. The executable file in ELF format has a flawed encryption algorithm, which allows for the decryption of the locked files without...
The ESXiArgs ransomware attack is targeting VMware ESXi servers globally
Attack Report. Summary: A global ransomware attack, known as ESXiArgs, is affecting servers using VMware ESXi hypervisors version 6.x prior to 6.7 due to a vulnerability (CVE-2021-21974) caused by a heap overflow issue in the Ope...
Mustang Panda APT targets Europe with customized PlugX malware
Actor Report. Summary: The Mustang Panda APT group has been targeting government and public sector organizations across Asia and Europe since at least 2019. Recently, the group has shifted from using archive files to using...
Actors, Threats and Vulnerabilities 30 January to 5 February 2023
Summary: Hive Pro discovered four actors that have been active in the past week. The first, Sandworm Team, is a well-known Russian threat actor known for sabotage and destruction. The...
Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro
Attack Report. Summary: In a recent intrusion, a threat actor utilized AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected to be the culprit behind this attack. The initial compromise was initiated with a...
Medusa, a new botnet emerging via the Mirai botnet, is targeting Linux users
Vulnerability Report. Summary: Mirai is a botnet that has been active since 2016 and exploits vulnerabilities in Linux-based networking devices like routers and IoT devices to gain control and perform malicious activities like...
A critical root-access flaw has been discovered in Cisco IOx
Vulnerability Report. Summary: Cisco has issued security patches to address a high-severity vulnerability (CVE-2023-20076) in the Cisco IOx application hosting environment that can be exploited to execute arbitrary commands as roo...
Cyberattack on Medical and Energy Sector by Lazarus Group
Attack Report. Summary: A cyber-attack conducted by the North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sectors, as well as their supply chain for...
Unveiling the Advanced Rust-based Nevada Ransomware
Attack Report. Summary: A new type of ransomware named "Nevada Ransomware" has been identified. The creators of this ransomware have established an affiliate program that was initially introduced in the RAMP underground...
MalVirt: .NET Malware Loaders Spread through Malvertising Attacks
Attack Report. Summary: MalVirt is a cluster of virtualized .NET malware loaders that are distributed through malvertising attacks, which use obfuscated virtualization and the Windows Process Explorer driver to evade anti-analysis and...
Ice Breaker: A Looming Threat to the Gaming Industry
Attack Report. Summary: Online gaming and gambling companies have been targeted by hackers using previously unseen backdoors. The attacks are grouped together and referred to as "Ice Breaker." The intrusions make use of smart social...
VectorStealer Malware steals Sensitive Information via RDP Hijacking and Phishing Attacks
Attack Report. Summary: VectorStealer is a malware that steals .rdp files through phishing emails, can be generated for USD 63 in Bitcoin, exfiltrates stolen information through SMTP, Discord, or Telegram, and uses the KGB...
Headcrab malware is targeting Redis servers worldwide to mine Monero
Attack Report. Summary: HeadCrab is a new and severe malware that is infiltrating and residing on servers worldwide. It is a custom-made Redis-based malware that is undetectable by traditional anti-virus solutions and has...
Summary of Vulnerabilities & Threats: January 2022
...
The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally
Attack Report. Summary: TrickGate has bundled several of the most well-known top-distribution malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others...
Uncovering the Threat of BlueBravo with GraphicalNeutrino and BEATDROP
Attack Report. Summary: GraphicalNeutrino and BEATDROP are malicious software used by the Russian-linked threat group BlueBravo in targeted cyber attacks, using legitimate Western services for command-and-control communications...
Infection and Evolution of the GOOTLOADER Malware
Attack Report. Summary: GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk an...
Proof-of-concept released for Windows CryptoAPI vulnerability
Attack Report. Summary: CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by...
QNAP addresses a vulnerability in NAS devices
Vulnerability Report. Summary: QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL...
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
Summary: Hive Pro discovered four actors that have been active in the past week. The first two, APT40 and Tick, are well-known Chinese threat actors known for information theft and...
Cyber Attack on Ukrainian National Information Agency
Attack Report. Summary: On 17 January 2023, the Ukrainian National Information Agency "Ukrinform" suffered a partial cyber attack. The Government Computer Emergency Response Team of Ukraine (CERT-UA) initiated an investigation...
New Ransomware Mimic Emerges in the Wild, Abusing Legitimate Tool for Faster Encryption
Attack Report. Summary: Mimic is a new ransomware that uses the APIs of a legitimate tool called Everything to encrypt target files and has multiple capabilities such as deleting shadow copies, terminating multiple applications...