February 28, 2022

Fortify Security Team

Title: Ukraine recruits “IT Army” to Hack Russian Entities, Lists 31 Targets
Date Published: February 26, 2022

https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

Excerpt: “Ukraine is recruiting a volunteer ‘IT army’ of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer ‘digital talents’ for an ‘IT Army’ to conduct operational tasks against Russia on the cyber frontline.”

Title: Chipmaker Giant Nvidia Hit by a Ransomware Attack
Date Published: February 27, 2022

https://securityaffairs.co/wordpress/128456/cyber-crime/nvidia-ransomware-attack.html

Excerpt: “The chipmaker giant Nvidia was the victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the incident. The incident also impacted the company’s developer tools and email systems, but business and commercial activities were not affected.”

Title: Belarusian Spearphishing Campaign Targets Ukraine Military
Date Published: February 26, 2022

https://www.bankinfosecurity.com/belarusian-spearphishing-campaign-targets-ukraine-military-a-18617

Excerpt: “The Computer Emergency Response Team of Ukraine is warning of a massive spearphishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus.”

Title: Reborn of Emotet: New Features of the Botnet and How to Detect it
Date Published: February 28, 2022

https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html

Excerpt: “One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to Emotet’s executables, and it looked like the end of the trojan’s story. But the malware never ceased to surprise. In November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN, with colleagues in the industry, was among the first to notice the emergence of Emotet’s malicious documents.”

Title: Stealthy Daxin is China’s ‘Most Advanced Piece of Malware’
Date Published: February 28, 2022

https://www.scmagazine.com/analysis/cyberespionage/stealthy-daxin-is-chinas-most-advanced-piece-of-malware

Excerpt: “New malware attributed to China – more technologically advanced, stealthy and long-lasting than any seen before from the country – is challenging the orthodoxy of Chinese threat intelligence. Researchers at Broadcom’s Symantec division on Monday detailed and attributed the malware they have dubbed Daxin, which has been used in attacks in some form since at least 2013. Nine years is extreme longevity for any threat actor, especially China – not regarded as a nation interested primarily in staying under the radar. In its report, Symantec dubs Daxin ‘the most advanced piece of malware Symantec researchers have seen from China-linked actors.’”

Title: Conti Ransomware’s Internal Chats Leaked After Siding with Russia
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/

Excerpt: “A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.”

Title: Iran-linked UNC3313 APT Employed Two Custom Backdoors Against a Middle East Gov Entity
Date Published: February 28, 2022

https://securityaffairs.co/wordpress/128493/malware/unc3313-apt-two-backdoors.html

Excerpt: “UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom backdoors, tracked as GRAMDOOR and STARWHALE, as part of an attack against an unnamed government entity in the Middle East in November 2021.”

Title: Feds Advise ‘Shields Up’ as Russian Cyberattack Defense
Date Published: February 27, 2022

https://www.bankinfosecurity.com/feds-advise-shields-up-as-russian-cyberattack-defense-a-18619

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI, issued a joint advisory on Saturday pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include new information, recommendations for corporate leaders and actions to protect critical assets.”

Title: CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
Date Published: February 28, 2022

https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.”

Title: 2022 May be the Year Cybercrime Returns its Focus to Consumers
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Excerpt: “Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers. This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.”
