March 24, 2022

Fortify Security Team
Title: FBI Adds Russian Cybercrime Market Owner to Most Wanted List
Date Published: March 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-adds-russian-cybercrime-market-owner-to-most-wanted-list/

Excerpt: “A Russian national has been indicted by the US DOJ and added to the FBI’s Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.”

Title: Anonymous Claims to Have Hacked the Central Bank of Russia
Date Published: March 24, 2022

https://securityaffairs.co/wordpress/129431/hacktivism/anonymous-hacked-central-bank-of-russia.html

Excerpt: “Anonymous continues to target Russian government organizations and private businesses, now it is claiming to have hacked the Central Bank of Russia. The popular hacker collective claims to have compromised the systems of the Central Bank of Russia and stole 35,000 files, it announced that will leak it in 48 hours.”

Title: Tax-Season Scammers Spoof Fintechs Stash, Public
Date Published: March 24, 2022

https://threatpost.com/tax-season-scammers-spoof-fintechs-stash-public/179071/

Excerpt: “Threat actors have new targets in their sites this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. Novel email campaigns are spoofing popular financial technology (fintech) applications and their tax notifications to try to dupe victims into giving up their credentials, researchers have found.”

Title: New Cyberespionage Campaign Targeting ISPs, Research Entities
Date Published: March 24, 2022

https://www.helpnetsecurity.com/2022/03/24/cyberespionage-campaign-korplug/

Excerpt: “ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits the war in Ukraine and other European news topics.”

Title: Chinese APT Hackers Targeting Betting Companies in Southeast Asia
Date Published: March 24, 2022

https://thehackernews.com/2022/03/chinese-apt-hackers-targeting-betting.html

Excerpt: “A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a “robust and modular toolset.” The ultimate motives of the threat actor are not immediately discernible as yet nor has it been linked to a known hacking group.”

Title: Scripps Health Sued Over Ongoing Payroll Disruption Claims, as Kronos Fallout Continues
Date Published: March 23, 2022

https://www.scmagazine.com/analysis/business-contunuity/scripps-health-sued-over-ongoing-payroll-disruption-claims-as-kronos-fallout-continues

Excerpt: “Scripps Health is facing a class-action lawsuit filed by employees impacted by the Kronos outages and subsequent payroll disruptions. The San Diego-based health system joins a growing list of providers facing similar legal filings, spurred by the fallout from the December ransomware attack.”

Title: FBI: Ransomware hit 649 critical infrastructure orgs in 2021
Date Published: March 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-649-critical-infrastructure-orgs-in-2021/

Excerpt: “The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report. However, the actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim is a critical infrastructure sector organization in June 2021.”

Title: Ukrainian Enterprises Hit with the DoubleZero Wiper
Date Published: March 23, 2022

https://securityaffairs.co/wordpress/129417/malware/doublezero-wiper-hit-ukraine.html

Excerpt: “Ukraine CERT-UA continues to observe malware based attacks aimed at Ukrainian organizations, in a recent alert it warned of attacks employing a wiper dubbed DoubleZero. The government CERT started observing this campaign on March 17, 2022, threat actors launched spear-phishing attacks using malicious.”

Title: Microsoft Help Files Disguise Vidar Malware
Date Published: March 24, 2022

https://threatpost.com/microsoft-help-files-vidar-malware/179078/

Excerpt: “Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday (actually, that’s probably the first place you should look)? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed a new phishing attack designed to plant the Vidar infostealer on target machines. The trick to this particular campaign is that it conceals its complex malware behind a Microsoft Compiled HTML Help (.CHM) file, Microsoft’s proprietary file format for help documentation saved in HTML. In other words, it’s the kind of file you almost never look at or even think about.”

Title: Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware
Date Published: March 24, 2022

https://thehackernews.com/2022/03/over-200-malicious-npm-packages-caught.html

Excerpt: “A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. “After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a new report.”
