Updated: Feb 22
Hackers are getting better and better at disguising the type of their attack payloads to evade detection, and the latest trick is an unusual one. In a recent discovery, security researchers found that attackers are leveraging lesser-known PowerPoint add-in (.ppam) files to wrap their malicious executables. Although it's a relatively new technique, such files are delivered via phishing emails, which continue to be a popular attack vector for cybercriminals.
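A defender's first control against the technique described above is a mail-gateway check that singles out PowerPoint add-in attachments and inspects them for embedded macro code. The script below is an added example, not code from the original digest or from any vendor it mentions. It assumes, as is the case for Office Open XML add-ins, that a .ppam file is a ZIP container and that embedded VBA lives in a part named ppt/vbaProject.bin; the sample attachments are constructed in memory so the script runs offline.

```python
"""Flag PowerPoint add-in (.ppam) attachments that carry a VBA project.

Added example (not from the original digest). Assumptions: a .ppam file is an
Office Open XML ZIP container, and embedded VBA macros are stored in the part
ppt/vbaProject.bin. All sample attachments below are constructed, not real.
"""
import io
import zipfile

# Add-in containers are rarely exchanged legitimately by email, so the
# extension alone is enough to route the attachment for review.
ADDIN_EXTENSIONS = {".ppam"}
VBA_PART = "ppt/vbaProject.bin"


def build_ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style ZIP container from {part_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def has_vba_part(blob: bytes) -> bool:
    """Return True if blob is a ZIP whose part list contains the VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return VBA_PART in zf.namelist()
    except zipfile.BadZipFile:
        # Not a ZIP at all (e.g. a renamed binary): no OOXML VBA part present.
        return False


def classify_attachment(filename: str, blob: bytes) -> str:
    """Return 'block', 'review' or 'allow' for a single attachment.

    block  : add-in extension AND a VBA project part inside the container
    review : add-in extension but no VBA part (or not a valid container)
    allow  : any other file type (outside the scope of this check)
    """
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    if ext in ADDIN_EXTENSIONS:
        return "block" if has_vba_part(blob) else "review"
    return "allow"


# Constructed sample attachments: an add-in carrying a VBA part, an add-in
# without one, and an ordinary presentation deck.
SAMPLES = {
    "invoice.ppam": build_ooxml({
        "[Content_Types].xml": b"<Types/>",
        "ppt/presentation.xml": b"<presentation/>",
        VBA_PART: b"\x00constructed-placeholder-vba-bytes",
    }),
    "template.ppam": build_ooxml({"[Content_Types].xml": b"<Types/>"}),
    "quarterly.pptx": build_ooxml({
        "[Content_Types].xml": b"<Types/>",
        "ppt/presentation.xml": b"<presentation/>",
    }),
}


def scan(samples=SAMPLES) -> dict:
    """Classify every attachment in samples; returns {filename: verdict}."""
    return {name: classify_attachment(name, blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{verdict:7} {name}")
```

The check is deliberately two-tiered: an add-in extension alone is unusual enough to hold the message for review, while the presence of a VBA project part inside the container is the signal worth blocking outright. A content-based check like this also catches add-ins that arrive inside archives or with a misleading display name, as long as the gateway unpacks them first.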
Another cyber-espionage campaign that leveraged the spear-phishing method was also found targeting various government and media organizations in Europe. Dubbed Operation EmailThief, the campaign was attributed to a threat actor named TEMP_Heretic. In other updates, a new threat actor group named Antlion managed to stay under the radar for months to distribute a custom backdoor called xPack.
Top Breaches Reported in the Last 7 days
Morley Discloses Ransomware Attack
Business services provider Morley Companies Inc. disclosed a data breach after falling victim to a ransomware attack on Aug. 1, 2021, according to a security incident notification by the company on Wednesday. The data breach allowed hackers to steal data before the company was able to encrypt the files, which impacted more than 500,000 individuals, including Morley’s employees, contractors, and clients.
Zero-day XSS Vulnerability in Zimbra
In December 2021, through its Network Security Monitoring service, Volexity identified a series of targeted spear-phishing campaigns against one of its customers from a threat actor it tracks as TEMP_Heretic. Analysis of the emails from these spear-phishing campaigns led to a discovery: the attacker was attempting to exploit a zero-day cross-site scripting (XSS) vulnerability in the Zimbra email platform. Zimbra is an open-source email platform often used by organizations as an alternative to Microsoft Exchange.
KP Snacks supply chain shut down by Conti ransomware attack
British snacks producer Kenyon Produce (KP) Snacks has fallen victim to a ransomware attack that caused huge disruptions to its manufacturing and distribution operations.
After an initial investigation of an IT outage on Friday 28 January, KP said it was able to confirm this week that its systems had been “compromised by ransomware.”
Over $320 Million Taken in Wormhole Hack
Wormhole, one of the most popular bridges that link the Ethereum and Solana blockchains, has suffered a theft of cryptocurrencies worth over $320 million in an apparent hack that took place on Feb. 2, 2022.
Top Malware Reported in the Last 7 days
xPack backdoor malware
Chinese state-backed advanced persistent threat (APT) group Antlion has been targeting financial institutions in Taiwan in a persistent campaign over the course of at least 18 months.
The attackers deployed a custom backdoor, which Symantec researchers have named xPack, on compromised systems, giving them extensive access to victim machines.
The malware has been used in a campaign against targets in Taiwan that researchers believe spanned more than 18 months, between 2020 and 2021, allowing the adversaries to run stealthy cyber-espionage operations.
According to a report from Symantec, a Broadcom company, shared with BleepingComputer, xPack enabled attackers to run WMI commands remotely, leverage EternalBlue exploits, and mount shares over SMB to deliver data to the command and control (C2) server.
New 'Sugar' Ransomware
A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. The Sugar ransomware family is written in Delphi and borrows objects from other ransomware families out there. It was initially spotted in November 2021, but hasn’t been detailed before.
Top Vulnerabilities Reported in the Last 24 Hours
ESET patches a flaw
ESET has recently published patches to fix a local privilege escalation vulnerability detected in all of its Windows product clients that enables threat actors to escalate privileges and execute arbitrary code.
The vulnerability was identified and reported by analysts at the Zero Day Initiative (ZDI) on November 18, 2021, and is tracked as CVE-2021-37852. It is rated critical in severity because it allows threat actors to abuse the AMSI scanning function.
CISA warns about flaws in Mimosa equipment
CISA has warned of critical vulnerabilities in Airspan Networks Mimosa, some of which have earned CVSS severity score ratings of 10, the highest possible.