Updated: Jul 12
Recently, three Iranian steel plants fell victims to disruptive data breaches. The threat actor responsible leaked a huge trove of sensitive data and said that it was just the “first part.” While on the topic of data breaches, a new update on the PFC USA cyberattack has come in. As Amazon Prime Day is knocking on the door, cybercriminals are trying to knock off your data. Read along for more news from the past 24 hours.
Threat Intelligence - Hacking news
Top Breaches, Malware, Vulnerabilities Reported in the Last 24 Hrs
The Predatory Sparrow threat actor attacked multiple Iranian steel facilities and posted 20GB of corporate documents. The group claimed that it has more data to leak.
The recent data breach of PFC USA, which affected 657 healthcare entities, was the work of Quantum ransomware. The gang is related to Conti and moves laterally using Cobalt Strike.
A new ransomware family, Checkmate, is targeting exposed SMB-enabled QNAP NAS devices by brute-forcing weak passwords - revealed an advisory by the Taiwanese vendor.
CuteBoi, a large-scale cryptomining campaign, is targeting the NPM package repository. The attackers published 1,283 malicious modules through 1,000 automated user accounts.
Fake copyright infringement complaints are targeting website owners to disseminate the IcedID, BumbleBee, and BazarLoader malware. The campaign is conducted by TA578, who is using Yandex Forms for the same.
In an unanticipated twist, the TrickBot gang has resorted to systematically targeting Ukraine since February. It has launched at least six phishing campaigns deploying Meterpreter, AnchorMail, IcedID, and Cobalt Strike.
Check Point witnessed a 37% increase in Amazon-related phishing attacks since the start of July, in the light of Amazon Prime Day 2022. Almost 1,900 domains with the term ‘Amazon’ were registered, of which 10% were malicious.
An adware campaign by ABCsoup is leveraging 350 browser extension variants pretending to be a Google Translate add-on. The extensions can evade most endpoint security software.
Emsisoft released free decryptors for the victims of AstraLocker and Yashma ransomware. The decryptor is available for download from the firm’s servers and contains an easy-to-follow guide.
Coalition, a San Francisco-based cyber insurance company, raised $250 million in Series F funding, led by Allianz X, Valor Equity Partners, and Kinetic Partners, along with other existing investors.