This is the GreyKeep Security Malware Roundup for August 11, 2023. Here’s a summary of what’s in this week’s edition:
Organizations
Microsoft, Apple, Intel, Salesforce, Citrix, Barracuda, Cloudflare, TETRA, CODESYS, Zyxel
Targets
Intel, AMD, Linux, macOS, Windows, Windows Defender, Microsoft 365, .NET, Visual Studio, Power Platform, Kubernetes, Redis, Rust, PaperCut
Threat Actors
RedHotel, APT31, Lazarus Group, ScarCruft (APT37), MoustachedBouncer
Malware / Ransomware
Reptile Rootkit, Mallox, OpenBullet, SkidMap, Defender-Pretender, QakBot, XWorm, Remcos RAT, Whirlpool, Gafgyt, Infostealer, TargetCompany, Statc Stealer, Charming Kitten, SystemBC, AdLoad, BatCloak, OpenCarrot, Balada, freeze[.]rs
Malware in the News
Microsoft
Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows
TargetCompany Ransomware Deploys Fully Undetectable Malware on SQL Server
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
Microsoft Patch Tuesday, August 2023 Edition
Intel and AMD
‘Downfall’ Bug in Billions of Intel CPUs Reveals Major Design Flaw
Intel Responds to “Downfall” Attack with Firmware Updates, Urges Mitigation
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Apple
Mac systems turned into proxy exit nodes by AdLoad
Linux
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems
New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers
Salesforce
Salesforce Zero-Day Exploited to Phish Facebook Credentials
Citrix
Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised
Other Vendors and Products
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Researchers Uncover New High-Severity Vulnerability in PaperCut Software
Kubernetes clusters under attack in hundreds of organizations
Whirlpool malware rips open old Barracuda wounds
Gafgyt botnet is targeting EoL Zyxel routers
Attackers use Cloudflare Tunnel to proxy into victim networks
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications
Malware News
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack
Balada Injector still at large – new domains discovered
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Statc Stealer, a new sophisticated info-stealing malware
North Korean Hackers Target Russian Missile Engineering Firm
QakBot Malware Operators Expand C2 Network with 15 New Servers
Interpol Shuts Down African Cybercrime Group, Seizes $2 Million
RedHotel Chinese APT Hackers Attack Government Entities & Intelligence Organizations
MoustachedBouncer Attacking Foreign Embassies Using NightClub and Disco Hacking Tools
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Police seize LOLEK bulletproof service for hosting malware
New Infostealer Malware Steals Logs & Corporate Access Data
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk
Charming Kitten APT is targeting Iranian dissidents in Germany
Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics
New SystemBC Malware Variant Targets Southern African Power Company