Actors, Threats and Vulnerabilities 30 January to 5 February 2023


For a detailed threat digest, download the pdf file here

Summary

Hive Pro tracked four actors that were active in the past week. The first, Sandworm Team, is a well-known Russian threat actor associated with sabotage and destruction. The second, UNC2565, is a previously unattributed threat group that specializes in information theft and espionage. The third, BlueBravo, is a well-known Russian threat group associated with information theft and espionage. The fourth, Lazarus Group, is a well-known North Korean threat group associated with sabotage and destruction. For further details, see the key takeaway section for Actors.

We also tracked nine new malware strains that were active over the past week. The Ukrainian National Information Agency ‘Ukrinform’ was targeted by Sandworm Team in a partially successful cyber attack involving 5 types of malware. The UNC2565 group is responsible for the GOOTLOADER malware, which infects systems when a victim downloads a malicious archive. The Russian-linked threat group BlueBravo uses GraphicalNeutrino and BEATDROP in targeted cyber attacks; to evade detection, the group routes C2 communications through legitimate Western services. TrickGate is a well-known Packer-as-a-Service that has eluded detection by security controls for over six years. The newly discovered HeadCrab malware, which targets Internet-exposed, vulnerable Redis servers, has infected over 1,000 servers since September 2021. VectorStealer is malware, priced at USD 63 in Bitcoin, that is delivered through phishing emails and steals .rdp files. Attackers have targeted online gaming and gambling companies using a previously undetected backdoor named Ice Breaker. A cluster of virtualized .NET malware loaders, referred to as MalVirt, is being spread through malvertising campaigns. A new ransomware family called Nevada Ransomware has been discovered, operating with an affiliate program. For further details, see the key takeaway section for Attacks.

Last week, we tracked six vulnerabilities that organizations should prioritize. One was a security flaw in QNAP NAS devices, one was a critical vulnerability in the Windows CryptoAPI, and four were flaws exploited by Lazarus Group. For further details, see the key takeaway section on vulnerabilities.