05 June 2021

This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user.

Heat – Trending Malware and Threat Actors
Name Heat 1 Heat 7 Vol 1 Vol 7
Trickbot Malware 25 36
FreakOut Trojan 17 35
Sodinokibi Ransomware 23 90
SkinnyBoy Malware 8 17
Trickbot Gang 7 7
APT28 7 12
Epsilon Red Ransomware 5 31
Hydromac Agent 3 7
TeamTNT 4 10
Iron Tiger APT 2 2

Data Breaches

Dutch pizza chain discloses breach after hacker tries to extort company
Office of Inadequate Security – Jun 04 2021 17:13
Catalin Cimpanu reports: New York Pizza, one of the largest pizza restaurant chains in the Netherlands, has disclosed today…

“Mass scan phase” of a vuln is a good description. When a reliable exploit exists, all publicly exposed devices will have been compromised within a few hours.
ErrataRob – Twitter – Jun 05 2021 01:18

RT @BlackLotusLabs: Hacktivist spreads anti-Western manifesto by abusing Cisco Smart Install protocol on exposed routers, impacts 100+ orgs: hxxps://blog[.]lumen[.]com/hacktivist-campaign-spreads-manifesto-through-router-configuration-files hxxps://twitter[.]com/BlackLotusLabs/status/1400850818073509892/photo/1
Metacurity – Twitter – Jun 04 2021 21:26

Hacker Groups

Night Blood: A Global Ransomware Campaign Run by APT Group TA505
CISO MAG – Cyber Security Magazine – Jun 04 2021 21:32
The TA505, a Russian-speaking APT group, created a buzz early last year with a devastating ransomware attack on the …

TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations
Unit 42 – Palo Alto Networks Blog – Jun 04 2021 13:00
TeamTNT is targeting the credentials of 16 additional applications for the purpose of enumerating cloud environments and infiltrating organizations. The post …

TeamTNT operations are now targeting the credentials of 16 additional applications, including the first known instance of an attacker group targeting IAM credentials on compromised cloud instances outside of AWS. hxxps://bit[.]ly/3vULjC8 hxxps://twitter[.]com/Unit42_Intel/status/1400978180861747201/photo/1
Unit42_Intel – Twitter – Jun 05 2021 00:50

SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor – Check Point Research
Reddit – BlueTeamSec – RSS – Jun 04 2021 09:02
submitted by /u/digicat

Malware

Her project was to create a “direct” TrickBot monetization model for ransomware to track “targets”, “payments”, “adverts” and “bots”.

This ransomware is not Ryuk or Conti.
VK_Intel – Twitter – Jun 04 2021 23:07

FreakOut malware worms its way into vulnerable VMware servers
BleepingComputer.com – Jun 04 2021 13:03
A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability. […]

Prometheus: An Emerging Threat in the Ransomware Landscape
Cyware – Jun 04 2021 10:27
Information and data are money in the 21st century and lots of cybercriminals are out to capture this new money. Cyberattacks have witnessed a surge in the last few months and have attained a pinnacle of sophistication. Lately, one such ransomware…

New Epsilon Red Ransomware Attack Unpatched Microsoft Exchange Servers
Seclists.org – Data Loss – Jun 04 2021 14:02
Posted by Sophia Kingsbury on Jun 04 hxxps://gbhackers[.]com/psilon-red-targeting-unpatched-microsoft-exchange-servers/ Epsilon Red is a set of distinctive PowerShell scripts that were being developed for making encryption. During an…

Vulnerabilities

Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS
Security Affairs – Jun 04 2021 07:21
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS,…

#TrendMicro details CVE-2021-30724 privilege escalation flaw in #macOS, #iOS
hxxps://securityaffairs[.]co/wordpress/118570/security/cve-2021-30724-privilege-escalation-macos-ios.html
#securityaffairs #hacking #Apple
securityaffairs – Twitter – Jun 04 2021 18:27

Ongoing Campaigns

SkinnyBoy Malware Is Used by Russian Hackers to Breach Sensitive Organisations
Heimdal Security Blog – Jun 04 2021 11:47
The threat actor also known as Fancy Bear, Sednit, Sofacy, Strontium, or PwnStorm, used the SkinnyBoy malware in order to target military and government institutions earlier this year. SkinnyBoy seems to be intended to be used in an intermediary…

RT @TrendMicroRSRCH: The Sodinokibi ransomware takes a targeted approach to its attacks and uses legitimate tools to avoid detection. Find out more on its attack process:
Securityblog – Twitter – Jun 04 2021 21:51

New Linux Backdoor Spotted: Facefish
Cyware – Jun 04 2021 08:28
With time, Linux has not only become the backbone of the internet and the Android OS, but has also expanded into anything that needs a minimal operating system for dedicated software. Hence, it is highly desirable for threat actors to leave backdoors…

Malware Watch – W/E – 6/4/21
Tech-Wreck InfoSec Blog – Jun 04 2021 12:30
Banking Trojans Spread by Imitating Popular Android Apps (06/01/2021) Cyber criminals have been discovered using fake versions of popular Android apps to infect victims with malware. But, in a twist, the…

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

Silobreaker Daily Cyber Alert
