February 28, 2022

Fortify Security Team
Feb 28, 2022

Title: Ukraine recruits “IT Army” to Hack Russian Entities, Lists 31 Targets
Date Published: February 26, 2022

https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

Excerpt: “Ukraine is recruiting a volunteer “IT army” of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer “digital talents” for an “IT Army” to conduct operational tasks against Russia on the cyber frontline.”

Title: Chipmaker Giant Nvidia Hit by a Ransomware Attack
Date Published: February 27, 2022

https://securityaffairs.co/wordpress/128456/cyber-crime/nvidia-ransomware-attack.html

Excerpt: “The chipmaker giant Nvidia was the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the incident. The incident also impacted the company’s developer tools and email systems, but business and commercial activities were not affected.”

Title: Belarusian Spearphishing Campaign Targets Ukraine Military
Date Published: February 26, 2022

https://www.bankinfosecurity.com/belarusian-spearphishing-campaign-targets-ukraine-military-a-18617

Excerpt: “The Computer Emergency Response Team of Ukraine is warning of a massive spearphishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus.”

Title: Reborn of Emotet: New Features of the Botnet and How to Detect it
Date Published: February 28, 2022

https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html

Excerpt: “One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet’s executables. And it looked like the end of the trojan’s story. But the malware never ceased to surprise. In November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues in the industry were among the first to notice the emergence of Emotet’s malicious documents.”

Title: Stealthy Daxin is China’s ‘Most Advanced Piece of Malware’
Date Published: February 28, 2022

https://www.scmagazine.com/analysis/cyberespionage/stealthy-daxin-is-chinas-most-advanced-piece-of-malware

Excerpt: “New malware attributed to China – more technologically advanced, stealthy and long-lasting than any seen before from the country – is challenging the orthodoxy of Chinese threat intelligence. Researchers at Broadcom’s Symantec division on Monday detailed and attributed the malware they have dubbed Daxin, which has been used in attacks in some form since at least 2013. Nine years is extreme longevity for any threat actor, especially China – not regarded as a nation interested primarily in staying under the radar. In its report, Symantec dubs Daxin “the most advanced piece of malware Symantec researchers have seen from China-linked actors.””

Title: Conti Ransomware’s Internal Chats Leaked After Siding with Russia
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/

Excerpt: “A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.”

Title: Iran-linked UNC3313 APT Employed Two Custom Backdoors Against a Middle East Gov Entity
Date Published: February 28, 2022

https://securityaffairs.co/wordpress/128493/malware/unc3313-apt-two-backdoors.html

Excerpt: “UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom backdoors, tracked as GRAMDOOR and STARWHALE, as part of an attack against an unnamed government entity in the Middle East in November 2021.”

Title: Feds Advise ‘Shields Up’ as Russian Cyberattack Defense
Date Published: February 27, 2022

https://www.bankinfosecurity.com/feds-advise-shields-up-as-russian-cyberattack-defense-a-18619

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI, issued a joint advisory on Saturday pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include new information, recommendations for corporate leaders and actions to protect critical assets.”

Title: CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
Date Published: February 28, 2022

https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.”

Title: 2022 May be the Year Cybercrime Returns its Focus to Consumers
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Excerpt: “Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers. This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.”
