Malware
New Malware in the Cloud By TeamTNT
Impacted Industries: All
What You Need To Know:
Aqua has observed attacks resembling a cryptomining threat actor who claimed they ceased operations in November 2021. However, based on the attacks using various TTPs and tools associated with the threat actor, Aqua assesses they have resumed cryptomining operations.
Malware
The Evolution of the Chromeloader Malware
Impacted Industries: All
What You Need To Know:
VMWare has observed the continued evolution of malware, used to steal user’s browser credentials and recent online activity, and hijack browser searches, spread as an ISO file through pirated or cracked versions of games or software.
Threat Actors
It’s Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
Impacted Industries: Broadcasting and Content Providers, Public Administration
What You Need To Know:
Mandiant discovered a North Korean threat actor phishing a company in the media industry using a trojanized PuTTY utility to deploy the Airdry backdoor.
Threat Actors
Gamaredon APT Targets Ukrainian Government Agencies in New Campaign
Impacted Industries: Public Administration
What You Need To Know:
Cisco Talos identified a new and ongoing campaign that targets Ukrainian users with information-stealing malware attributed to a Russia-linked advanced persistent threat group.
Threat Actors
Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
Impacted Industries: Executive, Legislative, and Other General Government Support, Ukraine Public Administration or entities that have offices in that region
What You Need To Know:
Recorded Future has observed an increase in a Russian APT C2 infrastructure and the frequent use of dynamic DNS domains targeted against Ukraine. Using HTML smuggling to automatically deploy an ISO file contained within the HTML of these domains.
Threat Actors
Webworm: Espionage Attackers Testing and Using Older Modified RATs
Impacted Industries: Professional, Scientific, and Technical Services, Transportation, and Utilities
What You Need To Know:
Symantec has discovered a threat group has developed customized versions of three older RATs, using one in an attack against an organization operating in multiple Asian countries in the professional, scientific, and technical services sectors. Others appear to be in pre-deployment or testing stages.
Exploited Vulnerabilities
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
Impacted Industries: Critical Infrastructure
What You Need To Know:
A joint Cybersecurity Advisory, released by the FBI, NSA, and partner countries, details the observations of Iranian threat actors exploiting vulnerabilities in VMware Horizon, Fortinet, and Microsoft Exchange for initial access. The adversary used this access to support data exfiltration and ransomware operations.
Exploited Vulnerabilities
CISA Adds 6 Vulnerabilities To Its Known Exploited Vulnerabilities Catalog
Impacted Industries: All
What You Need To Know:
Based on evidence of active exploitation, CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog. Some of the software affected include Microsoft Windows, Linux, and Trend Micro Apex One.
What We Mean When We Say
Estimates of Likelihood
We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms unlikely and remote imply that an event has a lower than even chance of occurring; they do not imply that it will not. Terms like might and might reflect situations where we are unable to assess the likelihood, usually due to a lack of relevant information, which is sketchy or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.
Confidence in Assessments
Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:
- High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
- Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
- Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.
Share