Actors, Threats and Vulnerabilities 12 – 18 December 2022


For a detailed threat digest, download the pdf file here


Summary

Hive Pro identified six actors that were active in the last week. Two of them (TA505 and Silence Group) are known for financial crime. Three of them (MuddyWater, Cloud Atlas, and APT5) are known for information theft and espionage. Lastly, MirrorFace is a Chinese threat actor group known for data exfiltration and espionage. For further details, see the key takeaway section for Actors.

We also identified five malware strains that were active over the last week. TrueBot is a downloader that spreads through infected systems, collects information on targets, and deploys malicious payloads. PowerShower, a PowerShell-based backdoor, is written to disk with only light obfuscation: base64 encoding and string concatenation. GoTrim is a new botnet written in the Go programming language that has been scanning for, and brute-forcing logins on, four content management systems. Mallox ransomware remains operational, is propagating rapidly, and is infecting organizations around the world. Another backdoor, LODEINFO, was dropped as part of a spearphishing campaign. For further details, see the key takeaway section for Attacks.
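The two obfuscation traits named above for PowerShower (base64-encoded PowerShell and string concatenation of literals) are cheap to spot in process command-line telemetry. The script below is an added triage example, not code from the digest or from Hive Pro; the sample command lines are constructed for illustration, the `-EncodedCommand` content is generated inside the script, and the two-indicator threshold is an arbitrary assumption to tune against your own baseline.

```python
import base64
import re
from typing import Optional

# powershell.exe accepts -e, -ec, -enc and -EncodedCommand; the argument is
# base64 of the UTF-16LE script. Longest alternative first avoids partial hits.
ENCODED_RE = re.compile(
    r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)
# A quoted literal joined to a following quoted literal with '+', e.g. 'Inv' + 'oke'.
# The lookahead leaves the right-hand literal unconsumed so every '+' is counted.
CONCAT_RE = re.compile(r"""(['"])[^'"]{1,40}\1\s*\+\s*(?=['"])""")
# A second base64 layer inside the (decoded) script body.
FROM_B64_RE = re.compile(r"FromBase64String", re.IGNORECASE)


def encode_for_powershell(script: str) -> str:
    """Build the -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script carried by -EncodedCommand, or None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def count_concatenations(body: str) -> int:
    """Number of '+' joins between adjacent string literals."""
    return len(CONCAT_RE.findall(body))


def assess(cmdline: str) -> dict:
    """Score one process command line for the obfuscation traits."""
    script = decode_encoded_command(cmdline)
    body = script if script is not None else cmdline
    indicators = []
    if script is not None:
        indicators.append("encoded_command")
    if FROM_B64_RE.search(body):
        indicators.append("nested_base64")
    joins = count_concatenations(body)
    if joins >= 2:
        indicators.append(f"string_concat({joins})")
    # Assumed threshold: two independent traits before an analyst is paged.
    return {
        "cmdline": cmdline,
        "decoded": script,
        "indicators": indicators,
        "suspicious": len(indicators) >= 2,
    }


def triage(cmdlines):
    """Assess a batch of command lines (e.g. from process-creation events)."""
    return [assess(c) for c in cmdlines]


# Constructed samples (not observed data). The second one wraps a concatenated
# cmdlet name and a nested base64 blob inside -EncodedCommand.
_INNER_SCRIPT = (
    "$a = 'Inv' + 'oke-' + 'Expr' + 'ession'; & $a "
    "([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('R2V0LURhdGU=')))"
)
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -Command Get-Service | Where-Object Status -eq Running",
    "powershell.exe -NoProfile -EncodedCommand " + encode_for_powershell(_INNER_SCRIPT),
    "powershell -c \"$x='Ne'+'w-Obj'+'ect'; & $x Net.WebClient\"",
]

if __name__ == "__main__":
    for result in triage(SAMPLE_COMMAND_LINES):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{flag}] {result['indicators']} :: {result['cmdline'][:60]}")
```

Run it as-is to see the three verdicts; in practice feed it the command-line field of your EDR or Sysmon process-creation events and keep the decoded script alongside the alert so the analyst does not have to decode it by hand.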

We identified 24 vulnerabilities last week that organizations should prioritize. Among these 24 were four zero-days: two addressed by Microsoft, one by Fortinet, and one by Citrix. The remaining 20 vulnerabilities were addressed by their respective vendors. For further details, see the key takeaway section for Vulnerabilities.
