Threat Intelligence - CloudSEK

Hacktivist Group Summons Allies and Hackers to Unite Against Govt. of India

Category: Adversary Intelligence Threat Type: Hacktivism Industry: Government & Private Region: India Update 2: 13 June 2022, 18:30 IST CloudSEK’s researchers captured a

June 13, 2022

MS Office RCE Vulnerability “Follina” CVE-2022-30190 actively exploited by threat actors

CloudSEK’s Threat Research team has analyzed the MS Office RCE 0day vulnerability that has been dubbed as Follina and has been given the CVE-2022-30190. The attack vector and the vulnerability very closely resembles CVE-2021-40444.

June 3, 2022

Novel Phishing Technique Browser-in-the-Browser Attack Targets Government Websites

CloudSEK’s contextual AI digital risk platform XVigil discovered an unprecedented, sophisticated phishing technique, commonly known as Browser-in-the-Browser (BitB) attack, that has been targeting government websites across the world, including India.

June 3, 2022

Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass

We discovered that Gimmick MacOS malware communicates only through their C2 server hosted on Google Drive. The malware was discovered in the first week of May and it has been actively targeting macOS devices

May 26, 2022

GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need

Goodwill ransomware group propagates very unusual demands in exchange for the decryption key. The Robin Hood-like group is forcing its Victims to donate to the poor and provides financial assistance to the patients in need.

May 24, 2022

Exposed CRM Credentials Enable Threat Actors to Access Organizations’ Critical Infrastructure

We have identified an increase in dark web discussions among threat actors, regarding CRM exploitation tactics and exposure of CRM credentials across code repositories such as Github and Bitbucket

May 21, 2022

Cybercriminals Offer Malvertisement-as-a-Service by Abusing Google Ads

Increase in supply and demand for services that are abusing Google Ads to deliver malware payloads and loaders, across various dark web and cybercrime forums.

May 20, 2022

Redline Stealer Exploits CVE-2022-1096 in Chromium Browsers to Target Millions of Users

Category: Vulnerability Intelligence Vulnerability Class: Access of Resource Using Incompatible Type CVE ID: CVE-2022-1096 CVSS:3.0 Score: 9.1 Executive Summary CloudSEK’s Threat Research Team has

May 12, 2022

Axxes Ransomware Group Appears to be the Rebranded Version of Midas Group

We have discovered a financially motivated threat actor group, named Axxes ransomware, that is considered to be a rebrand of a formerly known Midas ransomware group.

May 11, 2022

Missing Endpoint Authentication in F5 BIG-IP Leads to Remote Code Execution

The severity of the newly identified vulnerability CVE-2022-1388 is present in the F5 BIG-IP. The vulnerability was identified by F5 internally and a patch was released but the difference in code allowed threat actors to make a working exploit for the CVE.