Actors, Threats and Vulnerabilities 19 – 25 December 2022

For a detailed threat digest, download the PDF file here.

 

Summary

Hive Pro has discovered two actors that have been active in the last week. The first, Gamaredon Group, is a well-known Russian threat actor known for information theft and espionage. The second, Vice Society, is a popular ransomware gang known for financial crimes. For further details, see the key takeaway section for actors.

We also discovered seven new malware strains that have been active over the last week. Agenda is the latest strain of ransomware to use the cross-platform programming language Rust. SiestaGraph tends to use a .NET API package that can be used in place of the Microsoft Graph API. RisePro is a type of malware designed to steal sensitive information from infected computers and send it back to the attacker. A zero-day supply chain attack called “aioconsol” was discovered in the Python Package Index (PyPI). Nokoyawa 2.0 is a 64-bit Windows-based ransomware family that was revised in late September 2022. Ekipa is a remote access trojan (RAT) used in targeted attacks that can be purchased on underground forums for the high price of $3,900. PolyVice, a ransomware variant developed by Vice Society, uses a strong encryption technique based on the NTRUEncrypt and ChaCha20-Poly1305 algorithms. For further details, see the key takeaway section for attacks.

Last week, we discovered 30 vulnerabilities that organizations should prioritize. Of these, four were zero-days that were addressed by Microsoft. The remaining 26 vulnerabilities were addressed by their respective vendors. For further details, see the key takeaway section for vulnerabilities.
