Actors, Threats and Vulnerabilities 27 February to 5 March 2023

For a detailed threat digest, download the pdf file here

Summary

For a detailed threat digest, download the pdf file here

HiveForce Labs discovered six actors that have been active in the past week. TA866, APT-C-61, and DEV-0569 are cybercrime groups that focus on Financial gain. The other three Chinese-based actors are Blackfly, Iron Tiger, and Mustang Panda APT is well-known for their information theft and espionage capabilities. For further details, see the key takeaway section for Actors.

We also discovered 13 new malware strains that have been active over the past week. One of them was an Information stealer: Rhadamanthys. We discovered two new malware strains called SysUpdate and SCARLETEEL. Additionally, two were classified as backdoors: Winnkit and MQsTTang. Three Trojans: AgentTesla, An unknown Trojan, and ParallaxRAT. We also identified three strains of ransomware: Maui and H0lyGh0st, Royal Ransomware, and Exfiltrator-22. Finally, Two Crypters: PureCrypter and Snip3 Crypter. For further details, see the key takeaway section for Attacks.

Last week, we discovered six vulnerabilities that organizations should prioritize. One Zero-day vulnerability along with two other flaws was exploited by Malicious DPRK Actors. The remaining three vulnerabilities affected Apple macOS Ventura allowing attackers to elevate privileges and execute unauthorized code execution.  For further details, see the key takeaway section on vulnerabilities.