Actors, Threats and Vulnerabilities 21 – 27 November 2022

For a detailed threat digest, download the pdf file here

Summary

Hive Pro discovered that one Actor has been active in the last week. Earth Preta, a Chinese threat actor group popular for Information theft and espionage, was spotted carrying out a large-scale cyber espionage campaign. For further details, see the key takeaway section for Actors.

We also discovered  five new malware strains have been active over the last week. Aurora Botnet a Malware-as-a-Service (MaaS) has been transformed into a stealer. To target Arab countries, several types of malware were employed, including Emotet, Qakbot, Formbook, and QuadAgent. Novel Royal ransomware has affected more than 50 victims. To exploit US businesses, the Black Basta ransomware gang utilized QakBot malware. The new variation RansomExx has been rewritten using the Rust programming language. For further details, see the key takeaway section for Attacks.

We discovered two Vulnerabilities organizations should Prioritize last week. These two vulnerabilities affected Atlassian products. For a detailed threat digest, download the pdf file here