15 March 2021
This alert was created automatically by our award-winning intelligence product Silobreaker Online. Story selection is determined by an algorithm and based on a set of queries initially set by a Silobreaker user. Contact us here for more information.
Heat – Trending Malware and Threat Actors
| Name | Heat 1 | Heat 7 | Vol 1 | Vol 7 |
|---|---|---|---|---|
| NanoCore RAT |  |
|
3 | 26 |
| XCSSET | |
 |
2 | 9 |
| Minebridge Malware | |
 |
1 | 1 |
| RedXOR Backdoor | |
|
2 | 29 |
| Sodinokibi Ransomware | |
|
3 | 21 |
| UnityMiner | |
|
1 | 12 |
| GandCrab Ransomware | |
|
1 | 14 |
| Winnti Group | |
|
1 | 17 |
| Supernova Webshell | |
|
1 | 28 |
| DearCry Ransomware | |
 |
4 | 144 |
Data Breaches
smogcloud: Find exposed AWS cloud assets hxxps://securityonline[.]info/smogcloud-find-exposed-aws-cloud-assets/Dinosn – Twitter – Mar 14 2021 19:12smogcloud: Find exposed AWS cloud assets hxxps://securityonline[.]info/smogcloud-find-exposed-aws-cloud-assets/
RT @PogoWasRight: If you’re a researcher or a journalist who reports on data leaks or breaches involving entities in India, these new rules may impact you — read this thread. hxxps://twitter[.]com/internetfreedom/status/1366294918033928194Cyber_War_News – Twitter – Mar 15 2021 00:24RT @PogoWasRight: If you're a researcher or a journalist who reports on data leaks or breaches involving entities in India, these new rules may impact you — read this thread. hxxps://twitter[.]com/internetfreedom/status/1366294918033928194
well, breach is on cooldown for another round. also, it looks like the pods are separating, thankfully. hxxps://twitter[.]com/da_667/status/1371269759635968001/photo/1da_667 – Twitter – Mar 15 2021 01:19well, breach is on cooldown for another round. also, it looks like the pods are separating, thankfully. hxxps://twitter[.]com/da_667/status/1371269759635968001/photo/1
Verkada Surveillance Hack, Breach Highlights IoT RisksSecurity Bloggers Network – Mar 15 2021 06:00…
Hacker Groups
The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=d5ba9940-853c-11eb-a61b-fa163e6ccaff Stories via @LatestAnonNews #security #malwareanon_indonesia – Twitter – Mar 15 2021 03:16The Anonymous Indonesia News Daily is out! hxxps://paper[.]li/anon_indonesia/1435572762?edition_id=d5ba9940-853c-11eb-a61b-fa163e6ccaff Stories via @LatestAnonNews #security #malware
What have APT41 and APT27 been up to lately?
Find out in @snozberries_au and @thall_sec’s virtual talk at the 2021 Australian Cyber Conference Canberra: hxxps://feye[.]io/3eopSU3 hxxps://twitter[.]com/Mandiant/status/1371264910290718721/photo/1
Mandiant – Twitter – Mar 15 2021 01:00What have APT41 and APT27 been up to lately?Find out in @snozberries_au and @thall_sec's virtual talk at the 2021 Australian Cyber Conference Canberra: hxxps://feye[.]io/3eopSU3 hxxps://twitter[.]com/Mandiant/status/1371264910290718721/photo/1
RT @YourAnonRiots: Anonymous hackers have hacked the website of the Myanmar Police Station.
Hacked by @YourAnonIRC
#tangodown 👇hxxp://myanmarpoliceforce[.]org/opmyanmar.html
#OpMyanmar
#Anonymous
#WhatsHappeningInMyanmar
#R2PforMyanmar
#Mar10Coup
#MilkTeaAlliance
#infosec
#cybersecurity hxxps://twitter[.]com/YourAnonIRC/status/1369495212062609409Cloud_CIO_ – Twitter – Mar 14 2021 22:05RT @YourAnonRiots: Anonymous hackers have hacked the website of the Myanmar Police Station.
Hacked by @YourAnonIRC
#tangodown 👇hxxp://myanmarpoliceforce[.]org/opmyanmar.html
#OpMyanmar
#Anonymous
#WhatsHappeningInMyanmar
#R2PforMyanmar
#Mar10Coup…
Hacked by @YourAnonIRC
#tangodown 👇hxxp://myanmarpoliceforce[.]org/opmyanmar.html
#OpMyanmar
#Anonymous
#WhatsHappeningInMyanmar
#R2PforMyanmar
#Mar10Coup
#MilkTeaAlliance
#infosec
#cybersecurity hxxps://twitter[.]com/YourAnonIRC/status/1369495212062609409Cloud_CIO_ – Twitter – Mar 14 2021 22:05RT @YourAnonRiots: Anonymous hackers have hacked the website of the Myanmar Police Station.
Hacked by @YourAnonIRC
#tangodown 👇hxxp://myanmarpoliceforce[.]org/opmyanmar.html
#OpMyanmar
#Anonymous
#WhatsHappeningInMyanmar
#R2PforMyanmar
#Mar10Coup…
Malware
Linux Systems Under Attack By New RedXOR Malware hxxps://threatpost[.]com/linux-systems-redxor-malware/164689/ #malwareSecnewsbytes – Twitter – Mar 14 2021 13:32Linux Systems Under Attack By New RedXOR Malware hxxps://threatpost[.]com/linux-systems-redxor-malware/164689/ #malware
Reverse Engineering Microsoft Exchange DearCry Ransomware | Brief Analysis
hxxps://www[.]youtube[.]com/watch?v=s75edLEbPJcDinosn – Twitter – Mar 14 2021 19:16Reverse Engineering Microsoft Exchange DearCry Ransomware | Brief Analysis
hxxps://www[.]youtube[.]com/watch?v=s75edLEbPJc
hxxps://www[.]youtube[.]com/watch?v=s75edLEbPJcDinosn – Twitter – Mar 14 2021 19:16Reverse Engineering Microsoft Exchange DearCry Ransomware | Brief Analysis
hxxps://www[.]youtube[.]com/watch?v=s75edLEbPJc
Icon files abused in malspam to spread NanoCore Trojan hxxps://www[.]zdnet[.]com/article/icon-files-abused-in-malspam-to-spread-nanocore-trojan/?ftag=COS-05-10aaa0g&taid=604e6ecbb7d77200018e4f38&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitterZDNet – Twitter – Mar 14 2021 20:15Icon files abused in malspam to spread NanoCore Trojan…
Icon files abused in malspam to spread NanoCore Trojan hxxps://www[.]zdnet[.]com/article/icon-files-abused-in-malspam-to-spread-nanocore-trojan/?ftag=COS-05-10aaa0g&taid=604e2877d52b5600013a64a1&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitterZDNet – Twitter – Mar 14 2021 15:15Icon files abused in malspam to spread NanoCore Trojan…
Vulnerabilities
CVE-2019-0708 Bluekeep worm ETA when? Oh it never happened? Shocking.hackerfantastic – Twitter – Mar 14 2021 14:19CVE-2019-0708 Bluekeep worm ETA when? Oh it never happened? Shocking.
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCESecurity Affairs – Mar 14 2021 15:08Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in…
Google releases Spectre PoC code exploit for Chrome browserSecurity Affairs – Mar 14 2021 09:49Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser…
Experts found 15 flaws in #Netgear JGS516PE switch, including a critical RCE
hxxps://securityaffairs[.]co/wordpress/115586/hacking/netgear-soho-flaws.html
#securityaffairs #hacking #iotsecurityaffairs – Twitter – Mar 14 2021 15:09Experts found 15 flaws in #Netgear JGS516PE switch, including a critical RCE
hxxps://securityaffairs[.]co/wordpress/115586/hacking/netgear-soho-flaws.html
#securityaffairs #hacking #iot
hxxps://securityaffairs[.]co/wordpress/115586/hacking/netgear-soho-flaws.html
#securityaffairs #hacking #iotsecurityaffairs – Twitter – Mar 14 2021 15:09Experts found 15 flaws in #Netgear JGS516PE switch, including a critical RCE
hxxps://securityaffairs[.]co/wordpress/115586/hacking/netgear-soho-flaws.html
#securityaffairs #hacking #iot
Ongoing Campaigns
Security Affairs newsletter Round 305Security Affairs – Mar 14 2021 13:36A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe …
Credential Stuffing: the Culprit of Recent Attacks >> hxxps://bit[.]ly/3ex5dgFInfosecurityMag – Twitter – Mar 14 2021 15:04Credential Stuffing: the Culprit of Recent Attacks >> hxxps://bit[.]ly/3ex5dgF
RT @ale_sp_brazil: About the DearCry ransomware (hxxps://www[.]bleepingcomputer[.]com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/), you can easily get its Yara rules using Malwoverview.
#ransomware #cyberthreats #malware #yara hxxps://twitter[.]com/ale_sp_brazil/status/1370762157122523137/photo/1
gh0std4ncer – Twitter – Mar 14 2021 10:33RT @ale_sp_brazil: About the DearCry ransomware (hxxps://www[.]bleepingcomputer[.]com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/), you can easily get its Yara rules using Malwoverview.#ransomware…
RT @ZeroFOX: #interestingread #morningnews #REvil/Sodinokibi #ransomware operators announced they are using #DDoS attacks and voice calls to victim’s business partners and journalists to force #ransom payment. hxxp://0fox[.]co/m7fM50DVxTm via @securityaffairs hxxps://twitter[.]com/ZeroFOX/status/1371068903120629764/photo/1securityaffairs – Twitter – Mar 14 2021 12:47RT @ZeroFOX: #interestingread #morningnews #REvil/Sodinokibi #ransomware operators announced they are using #DDoS attacks and voice calls to victim’s business partners and journalists to force #ransom payment. hxxp://0fox[.]co/m7fM50DVxTm via…
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
