Actors, Threats and Vulnerabilities 9 January 2023 – 15 January 2023

For a detailed threat digest, download the pdf file here

Summary

Hive Pro discovered four actors that have been active in the past week. The first, Turla, is a well-known Russian threat actor known for information theft and espionage. The second, Saaiwc Group, is a well-known Southeast Asian threat group that specializes in Information Theft and espionage. The third, PatchWork, is a well-known Indian threat actor known for information theft and espionage. The fourth, NoName057(16), is a well-known Russian threat actor known for Hacktivist and Destruction. For further details, see the key takeaway section for Actors.

We also discovered eight new malware strains that have been active over the past week. The LummaC2 is an information stealer being marketed on a Russian website. The Turla Group is delivering the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. The Saaiwc Group employs a PowerShell backdoor known as PowerDism, as well as other custom tools. Patchwork’s most recent campaign featured a variant of the BADNEWS (Ragnatela). The Emotet banking Trojan used the EtterSilent malicious document builder. A new dropper strain called NeedleDropper leveraged the CVE-2017-11882 vulnerability to mount intricate payloads. The Gootkit loader targets the Australian healthcare industry via SEO poisoning. A new malware called PoweRAT combines stealer and RAT capabilities. For further details, see the key takeaway section for Attacks.

Last week, we identified 31 vulnerabilities that organizations should be aware of. Two of these are zero-day vulnerabilities, one being in Microsoft Windows Advanced Local Procedure Call, and another being actively exploited by the Saaiwc group. For further details, see the key takeaway section on vulnerabilities.

For a detailed threat digest, download the pdf file here