Actors, Threats and Vulnerabilities 5 – 11 December 2022

For a detailed threat digest, download the pdf file here


Summary

Hive Pro discovered six threat actors that have been active in the last week. Two of them (Lazarus Group and Scattered Spider) are known for financial crime. Three of them (BackdoorDiplomacy, Calisto, and APT37) are known for information theft and espionage. Lastly, Agrius is an Iranian threat actor group known for sabotage and destruction. For further details, see the key takeaway section for Actors.

We also discovered five new malware strains that have been active over the last week. Five ransomware families (BlackHunt, NYX, Redeemer, Vohuk, and Amelia) are launching attacks against exposed Remote Desktop services (CVE-2019-0708) over open RDP ports. AppleJeus malware is used by the Lazarus Group to steal victims' private keys and drain their crypto assets. The telecom industry is targeted by BackdoorDiplomacy with the Irafau and Quarian backdoors. A new ransomware called BlackMagic targets victims using double extortion. The new botnet named Zerobot has two variants written in Go and is known to exploit known vulnerabilities. Bluelight, Dolphin, and Rokrat are used by APT37, and Fantasy Wiper is used by the Agrius APT group. For further details, see the key takeaway section for Attacks.

We discovered 32 vulnerabilities last week that organizations should prioritize. Among these 32, five are zero-days and three are undergoing reanalysis on NVD. For further details, see the key takeaway section for Vulnerabilities.

Note: The term “Zerobot” in this advisory refers to a specific type of malware and is not related to the organization zerobot.ai.