Actors, Threats and Vulnerabilities 28 November – 4 December 2022


For a detailed threat digest, download the pdf file here

 

Summary

Hive Pro discovered three actors that have been active in the last week. The first is FIN7, a Russian threat actor group known for financial crime. The second is ScarCruft, a North Korean threat actor group known for information theft and espionage. The third is UNC4191, an unknown threat actor group known for espionage. For further details, see the key takeaway section for Actors.

We also discovered five new malware strains that have been active over the last week. A new strain of Punisher ransomware is circulating via phishing sites and demands a USD 1,000 ransom in bitcoin to recover files. Malicious actors leveraged the Windows IKE flaw (CVE-2022-34721) to strike parts of Asia, Europe, and the United States in the Bleed You campaign. The Dolphin backdoor exploited the memory corruption bug CVE-2020-1380 to infiltrate enterprises across Asia. Three new malware families, MISTCLOAK, DARKDEW, and BLUEHAZE, were deployed to execute espionage operations. DuckLogs is a new strain of information-stealing malware that has C&C servers in the wild. For further details, see the key takeaway section for Attacks.

We discovered thirteen vulnerabilities last week that organizations should prioritize. Among these 13, there were two zero-days, and ten vulnerabilities that Google addressed in Chrome 108. For further details, see the key takeaway section for Vulnerabilities.
