Weekly Threat Digest: 28 February – 6 March 2022
Weekly Threat Digest: 28 February – 6 March 2022
For a detailed threat digest, download the pdf file here
| Published Vulnerabilities | Interesting Vulnerabilities | Targeted Countries | Targeted Industries | ATT&CK TTPs |
| 381 | 19 | 3 | 5 | 22 |
The first week of March 2022 witnessed the discovery of 381 vulnerabilities out of which 19 garnered the attention of security researchers worldwide. Among these 19, there were 2 zero-days and 1 other vulnerability about which the National vulnerability Database (NVD) is still awaiting analysis while 18 were not present in the NVD at all. Hive Pro Threat Research Team has curated a list of 19 CVEs that require immediate action.
Last week was all about Russia and Ukraine cyber warfare, there were two malware that targeted Ukraine, namely HermeticWiper and Isaacwiper. These are data wiper malware threats that disable infiltrated systems by erasing or wiping essential data rather than rendering it inaccessible through encryption. Daxin was another sophisticated rootkit backdoor malware that emerged last week. The main target for daxin was the organizations and governments of strategic interest to China. This report lastly talks about the common TTPs which could potentially be exploited by this malware or CVEs.
Detailed Report:
Interesting Vulnerabilities:
Targeted Location:
Targeted Sectors:
 |  |  |  |  |
Common TTPs:
| TA0042: Resource Development | TA0001: Initial Access | TA0002: Execution | TA0003: Persistence | TA0004: Privilege Escalation | TA0005: Defense Evasion |
| T1588: Obtain Capabilities | T1190: Exploit Public-Facing Application | T1059: Command and Scripting Interpreter | T1078: Valid Accounts | T1078: Valid Accounts | T1078: Valid Accounts |
| T1588.002: Tool | T1078: Valid Accounts | T1059.003: Windows Command Shell | T1078.002: Domain Accounts | T1078.002: Domain Accounts | T1078.002: Domain Accounts |
| T1588.003: Code Signing Certificates | T1078.002: Domain Accounts | T1106: Native API | T1098: Account Manipulation | T1068: Exploitation for Privilege Escalation | |
| T1189: Drive-by Compromise | T1047: Windows Management Instrumentation | T1611: Escape to Host | |||
| T1569: System Services | |||||
| T1569.002: Service Execution | |||||
| TA0006: Credential Access | TA0007: Discovery | TA0008: Lateral Movement | TA0009: Collection | TA0040: Impact |
| T1056: Input Capture | T1087: Account Discovery | T1021: Remote Services | T1056: Input Capture | T1499: Endpoint Denial of Service |
| T1110: Brute Force | T1018: Remote System Discovery | T1021.002: SMB/Windows Admin Shares | T1561: Disk Wipe | |
| T1049: System Network Connections Discovery | T1021.003: Distributed Component Object Model | T1561.002: Disk Wipe: Disk Structure Wipe | ||
| T1561.001: Disk Wipe: Disk Content Wipe |
Threat Advisories:
Multiple government entities targeted by China-linked Daxin malware
Destructive data wipers and worms targeting Ukrainian organizations
Thousands of GitLab instances impacted by multiple security flaws
Linux Distributions affected by a privilege escalation vulnerability
Two actively exploited Zero-Day vulnerabilities discovered in Mozilla Firefox
