Daily Threat Intelligence – May 23 – 2023


Security experts are warning about an easy-to-weaponize vulnerability affecting a variety of Zyxel firewalls. Approximately 42,000 Zyxel web interfaces are exposed to the internet, not counting vulnerable VPN implementations, so the actual number of exposed devices is even higher. Separately, a cryptocurrency phishing and scam service known as Inferno Drainer has made headlines for pilfering more than $5.9 million worth of assets from roughly 5,000 individuals. The extensive scope and impact of the operation highlight the urgent need to combat cryptocurrency-related scams.

A number of malware strains have been reported by security researchers at ASEC. Cybercriminals were found propagating DarkCloud, ClipBanker, and StrelaStealer malware in two separate email campaigns. StrelaStealer is being used against Spanish users.

Top Breaches Reported in the Last 24 Hours


Hospital targeted by Royal Ransomware
Clarke County Hospital, Iowa, disclosed that it experienced a ransomware attack after security researchers stumbled across its stolen data on the leak site of Royal ransomware. Though the hospital did not explicitly confirm the involvement of Royal ransomware, it did disclose that the attack knocked all of its network access offline. The leak may have exposed patients’ personal data and medical records, such as health insurance information, medical record numbers, and diagnostic information.

Operation disrupted at motorcycle manufacturing firm
Following a cyberattack, the Indian manufacturing plant responsible for producing Suzuki motorcycles has been compelled to cease operations. In light of the incident, the company has postponed its annual supplier conference, originally scheduled to commence this week. The operations at the manufacturing plant have been temporarily suspended, resulting in an approximate production loss of 20,000 vehicles.

Top Malware Reported in the Last 24 Hours


WINTAPIX in the Middle East
An unidentified threat actor group has been observed employing a malicious Windows kernel driver in targeted attacks, primarily focusing on the Middle East region. Fortinet security experts have dubbed the artifact WINTAPIX (WinTapix.sys). With kernel privileges, an attacker can perform operations ranging from the manipulation of critical security mechanisms to arbitrary code execution.

Spam email spreads DarkCloud and ClipBanker
AhnLab’s ASEC discovered a spam email campaign that distributes the DarkCloud info-stealer malware. The email contents urge recipients to review the attached payment statement, which purportedly pertains to their company account. Additionally, the threat actor installs ClipBanker on infected devices, which replaces a user’s cryptocurrency wallet address in the clipboard with the threat actor’s wallet address.

StrelaStealer targets Spanish users
A security team from the same firm spotted another phishing email, related to payment fees, that targets Spanish users with the StrelaStealer info-stealer. StrelaStealer, first identified in November 2022, is capable of stealing user account credentials from email clients including Thunderbird and Outlook.

Top Vulnerabilities Reported in the Last 24 Hours


Zyxel flaw can be abused, PoC out
A recently patched command injection flaw in various Zyxel firewalls could potentially be exploited in real-world attacks, stated Rapid7 researchers. The flaw, identified as CVE-2023-28771, affects some versions of Zyxel ATP, USG FLEX, and VPN firewalls and Zyxel ZyWALL/USG gateways and firewalls. Moreover, the researchers have shared a technical analysis and a Proof-of-Concept (PoC) script that demonstrates the vulnerability and enables the execution of a reverse root shell.

Samsung patches spy bug
Samsung patched a security hole that was being abused by Spanish spyware vendor Variston to implant surveillance malware on targeted devices in the UAE. Variston’s exploit chain leverages multiple zero-days that have already been fixed by Samsung, Google, and chipmaker ARM. The flaw allowed attackers to bypass Android’s address space layout randomization (ASLR), the security feature that randomizes the location of system executables in memory.

Top Scams Reported in the Last 24 Hours


Inferno Drainer drains nearly 6 million
Security analysts at Scam Sniffer exposed a crypto phishing and scam service Inferno Drainer that swindled about $5.9 million worth of cryptocurrencies from 4,888 victims. It reportedly crafted over 689 counterfeit websites since March 27, 2023. The fraudulent websites created by scammers impersonated 229 prominent brands, including Pepe, Bob, Collab.Land, MetaMask, OpenSea, and LayerZero.
