March 24, 2022

Fortify Security Team
Mar 24, 2022

Title: FBI Adds Russian Cybercrime Market Owner to Most Wanted List
Date Published: March 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-adds-russian-cybercrime-market-owner-to-most-wanted-list/

Excerpt: “A Russian national has been indicted by the US DOJ and added to the FBI’s Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.”

Title: Anonymous Claims to Have Hacked the Central Bank of Russia
Date Published: March 24, 2022

https://securityaffairs.co/wordpress/129431/hacktivism/anonymous-hacked-central-bank-of-russia.html

Excerpt: “Anonymous continues to target Russian government organizations and private businesses, now it is claiming to have hacked the Central Bank of Russia. The popular hacker collective claims to have compromised the systems of the Central Bank of Russia and stole 35,000 files, it announced that will leak it in 48 hours.”

Title: Tax-Season Scammers Spoof Fintechs Stash, Public
Date Published: March 24, 2022

https://threatpost.com/tax-season-scammers-spoof-fintechs-stash-public/179071/

Excerpt: “Threat actors have new targets in their sights this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. Novel email campaigns are spoofing popular financial technology (fintech) applications and their tax notifications to try to dupe victims into giving up their credentials, researchers have found.”

Title: New Cyberespionage Campaign Targeting ISPs, Research Entities
Date Published: March 24, 2022

https://www.helpnetsecurity.com/2022/03/24/cyberespionage-campaign-korplug/

Excerpt: “ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits the war in Ukraine and other European news topics.”

Title: Chinese APT Hackers Targeting Betting Companies in Southeast Asia
Date Published: March 24, 2022

https://thehackernews.com/2022/03/chinese-apt-hackers-targeting-betting.html

Excerpt: “A Chinese-speaking advanced persistent threat (APT) has been linked to a new campaign targeting gambling-related companies in South East Asia, particularly Taiwan, the Philippines, and Hong Kong. Cybersecurity firm Avast dubbed the campaign Operation Dragon Castling, describing its malware arsenal as a “robust and modular toolset.” The ultimate motives of the threat actor are not immediately discernible as yet nor has it been linked to a known hacking group.”

Title: Scripps Health Sued Over Ongoing Payroll Disruption Claims, as Kronos Fallout Continues
Date Published: March 23, 2022

https://www.scmagazine.com/analysis/business-contunuity/scripps-health-sued-over-ongoing-payroll-disruption-claims-as-kronos-fallout-continues

Excerpt: “Scripps Health is facing a class-action lawsuit filed by employees impacted by the Kronos outages and subsequent payroll disruptions. The San Diego-based health system joins a growing list of providers facing similar legal filings, spurred by the fallout from the December ransomware attack.”

Title: FBI: Ransomware hit 649 critical infrastructure orgs in 2021
Date Published: March 23, 2022

https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-649-critical-infrastructure-orgs-in-2021/

Excerpt: “The Federal Bureau of Investigation (FBI) says ransomware gangs have breached the networks of at least 649 organizations from multiple US critical infrastructure sectors last year, according to the Internet Crime Complaint Center (IC3) 2021 Internet Crime Report. However, the actual number is likely higher given that the FBI only started tracking reported ransomware incidents in which the victim is a critical infrastructure sector organization in June 2021.”

Title: Ukrainian Enterprises Hit with the DoubleZero Wiper
Date Published: March 23, 2022

https://securityaffairs.co/wordpress/129417/malware/doublezero-wiper-hit-ukraine.html

Excerpt: “Ukraine CERT-UA continues to observe malware based attacks aimed at Ukrainian organizations, in a recent alert it warned of attacks employing a wiper dubbed DoubleZero. The government CERT started observing this campaign on March 17, 2022, threat actors launched spear-phishing attacks using malicious.”

Title: Microsoft Help Files Disguise Vidar Malware
Date Published: March 24, 2022

https://threatpost.com/microsoft-help-files-vidar-malware/179078/

Excerpt: “Where’s the last place you’d expect to find malware? In an email from your mother? Embedded in software you trust and use everyday (actually, that’s probably the first place you should look)? How about in a technical documentation file? In a report published Thursday, Trustwave SpiderLabs revealed a new phishing attack designed to plant the Vidar infostealer on target machines. The trick to this particular campaign is that it conceals its complex malware behind a Microsoft Compiled HTML Help (.CHM) file, Microsoft’s proprietary file format for help documentation saved in HTML. In other words, it’s the kind of file you almost never look at or even think about.”

Title: Over 200,000 MicroTik Routers Worldwide Are Under the Control of Botnet Malware
Date Published: March 24, 2022

https://thehackernews.com/2022/03/over-200-malicious-npm-packages-caught.html

Excerpt: “A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. “After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a new report.”
