February 28, 2022

Fortify Security Team

Title: Ukraine recruits “IT Army” to Hack Russian Entities, Lists 31 Targets
Date Published: February 26, 2022

https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/

Excerpt: “Ukraine is recruiting a volunteer “IT army” of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer “digital talents” for an “IT Army” to conduct operational tasks against Russia on the cyber frontline.”

Title: Chipmaker Giant Nvidia Hit by a Ransomware Attack
Date Published: February 27, 2022

https://securityaffairs.co/wordpress/128456/cyber-crime/nvidia-ransomware-attack.html

Excerpt: “The chipmaker giant Nvidia was victim of a ransomware attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with the incident. The incident also impacted the company’s developer tools and email systems, but business and commercial activities were not affected.”

Title: Belarusian Spearphishing Campaign Targets Ukraine Military
Date Published: February 26, 2022

https://www.bankinfosecurity.com/belarusian-spearphishing-campaign-targets-ukraine-military-a-18617

Excerpt: “The Computer Emergency Response Team of Ukraine is warning of a massive spearphishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus.”

Title: Reborn of Emotet: New Features of the Botnet and How to Detect it
Date Published: February 28, 2022

https://thehackernews.com/2022/02/reborn-of-emotet-new-features-of-botnet.html

Excerpt: “One of the most dangerous and infamous threats is back again. In January 2021, global officials took down the botnet. Law enforcement sent a destructive update to the Emotet’s executables. And it looked like the end of the trojan’s story. But the malware never ceased to surprise. In November 2021, it was reported that TrickBot no longer works alone and delivers Emotet. And ANY.RUN with colleagues in the industry were among the first to notice the emergence of Emotet’s malicious documents.”

Title: Stealthy Daxin is China’s ‘Most Advanced Piece of Malware’
Date Published: February 28, 2022

https://www.scmagazine.com/analysis/cyberespionage/stealthy-daxin-is-chinas-most-advanced-piece-of-malware

Excerpt: “New malware attributed to China – more technologically advanced, stealthy and long-lasting than any seen before from the country – is challenging the orthodoxy of Chinese threat intelligence. Researchers at Broadcom’s Symantec division on Monday detailed and attributed the malware they have dubbed Daxin, which has been used in attacks in some form since at least 2013. Nine years is extreme longevity for any threat actor, especially China – not regarded as a nation interested primarily in staying under the radar. In its report, Symantec dubs Daxin “the most advanced piece of malware Symantec researchers have seen from China-linked actors.””

Title: Conti Ransomware’s Internal Chats Leaked After Siding with Russia
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/

Excerpt: “A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.”

Title: Iran-linked UNC3313 APT Employed Two Custom Backdoors Against a Middle East Gov Entity
Date Published: February 28, 2022

https://securityaffairs.co/wordpress/128493/malware/unc3313-apt-two-backdoors.html

Excerpt: “UNC3313 is an Iran-linked threat actor that was linked with “moderate confidence” to the MuddyWater nation-state actor (aka Static Kitten, Seedworm, TEMP.Zagros, or Mercury) by cybersecurity firm Mandiant. UNC3313 was observed deploying two new custom backdoors, tracked as GRAMDOOR and STARWHALE, as part of an attack against an unnamed government entity in the Middle East in November 2021.”

Title: Feds Advise ‘Shields Up’ as Russian Cyberattack Defense
Date Published: February 27, 2022

https://www.bankinfosecurity.com/feds-advise-shields-up-as-russian-cyberattack-defense-a-18619

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency, along with the FBI, issued a joint advisory on Saturday pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. The agency has also updated the Shields Up webpage to include new information, recommendations for corporate leaders and actions to protect critical assets.”

Title: CISA Warns of High-Severity Flaws in Schneider and GE Digital’s SCADA Software
Date Published: February 28, 2022

https://thehackernews.com/2022/02/cisa-warns-of-high-severity-flaws-in.html

Excerpt: “The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system (ICS) advisory related to multiple vulnerabilities impacting Schneider Electric’s Easergy medium voltage protection relays.”

Title: 2022 May be the Year Cybercrime Returns its Focus to Consumers
Date Published: February 27, 2022

https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/

Excerpt: “Threat analysts expect 2022 to be the tipping point for a shift in the focus of hackers from large companies back to consumers. This prediction is the result of several factors that make consumers a lot more lucrative to threat actors today than in previous years.”
