Actors, Threats and Vulnerabilities 2 January 2023 – 8 January 2023

For a detailed threat digest, download the PDF file here

Summary

Hive Pro discovered two actors who have been active in the past week. The first, Blind Eagle, is a well-known Colombia threat actor associated with information theft and espionage. The second, Bluebottle, is a cybercrime group that specializes in financial cyber operations. For further details, see the key takeaway section on Actors.

We discovered that eight new malware strains have been active over the last week. Two of these were ransomware: CatB Ransomware and MacOS Ransomware. We also observed two remote access trojans (PupyRAT and QuasarRAT) and one SHC-compiled Linux malware. We also saw older malware, including IcedID and GuLoader, as well as an unidentified strain of Linux malware and one more new SHC-compiled Linux malware. For more information, see the key takeaway section on Attacks.

Last week, we discovered seven vulnerabilities that organizations should prioritize. Five of these are security flaws in Fortinet products, one is a vulnerability in a ZOHO ManageEngine product, and one is in Synology VPN Plus Server. For further details, see the key takeaway section on Vulnerabilities.
