Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023

For a detailed threat digest, download the pdf file here

Summary

Hive Pro identified four threat actors that were active in the past week. The first, APT40 and Tick, are well-known Chinese threat actors focused on information theft and espionage. The second, BlueNoroff, is a well-known North Korean state-sponsored group that specializes in financially motivated cyber operations. The third, the Vice Society ransomware group, is motivated by financial gain. The fourth, Cobalt Sapling, is a well-known Iranian state-sponsored group that specializes in sabotage and destruction. For further details, see the key takeaway section for Actors.

We also identified eight new malware strains that were active over the past week. The source code of the CrySIS ransomware family has been publicly leaked, leaving it open for anyone to access and modify. Vidar is a subscription-based information stealer that uses Russian VPN gateways to evade detection. Album Stealer uses DLL side-loading and data masking to evade detection and exfiltrates stolen information to a C2 server. Chinese threat actors are deploying the Remcos RAT and GuLoader through phishing campaigns. The DragonSpark campaigns leverage the open-source SparkRAT to target businesses in East Asia. Titan Stealer is a cross-platform information stealer that a threat actor is actively distributing. CryptBot is an information stealer that harvests system configuration data from Windows-based computers. The new Mimic ransomware abuses the APIs of the legitimate Everything file-search tool to locate the files it encrypts. For further details, see the key takeaway section for Attacks.

Last week, we identified nine vulnerabilities that organizations should prioritize. Four of them are security flaws in VMware products and four are in Google Chrome. For further details, see the key takeaway section for Vulnerabilities.