THREATS April

THREATS April H March(19) April(93) May(144) June(75) July(17)

DATE	NAME	CATEGORY	SUBCATEGORIES	INFO
30.4.22	15M rps HTTPS DDoS attack	Attack	HTTPS DDoS	Earlier this month, Cloudflare’s systems automatically detected and mitigated a 15.3 million request-per-second (rps) DDoS attack — one of the largest HTTPS DDoS attacks on record.
30.4.22	Bumblebee	Malware	Malware	Starting in March 2022, Proofpoint observed campaigns delivering a new downloader called Bumblebee. At least three clusters of activity including known threat actors currently distribute Bumblebee.
30.4.22	CVE-2022-23121	Vulnerebility	Vulnerebility	Upon the latest release of Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software
30.4.22	TALONITE	Hacker Group	Hacker Group ICS	Dragos began tracking the TALONITE activity group in July 2019 with operations focusing on initial access compromises in the United States (U.S.) electric sector.
30.4.22	RedLine Stealer	Malware	Malware Stealer	At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums.
30.4.22	PlugX	Malware	Malware	The threat group’s targeting shift could reflect a change in China’s intelligence collection requirements due to the war in Ukraine.
30.4.22	Package Planting	Malware	Malware	Aqua’s Team Nautilus found a logical flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it.
30.4.22	Nimbuspwn	Vulnerebility	Vulnerebility Linux	Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
27.4.22	GOLD ULRICK	Hacker Group	Hacker Group	GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
27.4.22	GOLDBACKDOOR	Malware	Malware	GOLDBACKDOOR, an artifact that shares technical overlaps with another malware named BLUELIGHT, which has been previously linked to the group.
27.4.22	CVE-2022-22954	Vulnerebility	Vulnerebility	Tracked as CVE-2022-22954 (CVSS score: 9.8), the critical issue concerns a case of remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager.
27.4.22	CVE-2021-22204	Vulnerebility	Vulnerebility	After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within VirusTotal platform and gain access to its various scans capabilities.
27.4.22	Pink	Botnet	Botnet	On November 21, 2019, we got an interesting new botnet sample from the security community, the sample contained a large number of function names starting with “pink”, and we named it pink botnet.
27.4.22	Abcbot	Botnet	Malware	A New Evolving Wormable Botnet Malware Targeting Linux
27.4.22	Fodcha	Malware	Malware	A rapidly expanding malware is entrapping routers, DVRs, and servers all over the web in order to launch Distributed Denial-of-Service (DDoS) attacks on over 100 victims every day.
27.4.22	BotenaGo	Malware	Malware	BotenaGo is a relatively new malware written in Golang, Google’s open-source programming language.
27.4.22	ALPHV incident	Incidenty	Ransomware	Breaking Down the Complexity of the Most Sophisticated Ransomware
23.4.22	CVE-2022-21449	Vulnerebility	Vulnerebility	(CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition
23.4.22	LemonDuck	Botnet	Cryptocurrency	LemonDuck, a well-known cryptomining botnet, is targeting Docker to mine cryptocurrency on Linux systems. This campaign is currently active.
23.4.22	CVE-2022-22721	Vulnerebility	Vulnerebility	Possible buffer overflow with very large or unlimited LimitXMLRequestBody
23.4.22	CVE-2022-23943	Vulnerebility	Vulnerebility	Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
23.4.22	CVE-2022-20773	Vulnerebility	Vulnerebility	(CVSS score: 7.5), the second flaw to be patched, concerns a static SSH host key that's present in Cisco Umbrella Virtual Appliance (VA) running a software version earlier than 3.3.2
23.4.22	More_eggs	Malware	Javascript/Backdoor	More_eggs is a JavaScript backdoor used by the Cobalt group.
23.4.22	CVE-2022-0071	Vulnerebility	Vulnerebility	CVSS scores: 8.8
23.4.22	CVE-2022-0070	Vulnerebility	Vulnerebility	CVSS scores: 8.8
23.4.22	CVE-2021-3101	Vulnerebility	Vulnerebility	CVSS scores: 8.8
23.4.22	CVE-2021-3100	Vulnerebility	Vulnerebility	CVSS scores: 8.8
23.4.22	CVE-2021-0674	Vulnerebility	Vulnerebility	CVSS score: 5.5, MediaTek) - A case of improper input validation in ALAC decoder leading to information disclosure without any user interaction
23.4.22	CVE-2021-0675	Vulnerebility	Vulnerebility	(CVSS score: 7.8, MediaTek) - A local privilege escalation flaw in ALAC decoder stemming from out-of-bounds write
23.4.22	CVE-2021-30351	Vulnerebility	Vulnerebility	(CVSS score: 9.8, Qualcomm) - An out-of-bound memory access due to improper validation of number of frames being passed during music playback
23.4.22	Hive Ransomware Analysis	Ransomware	Ransomware Hive	Complete analyzes
21.4.22	CVE-2022-20685	Vulnerebility	Vulnerebility
21.4.22	CVE-2019-3568	Vulnerebility	Vulnerebility
21.4.22	CVE-2018-6882	Vulnerebility	Vulnerebility
21.4.22	CVE-2021-3972	Vulnerebility	Vulnerebility
21.4.22	CVE-2021-3971	Vulnerebility	Vulnerebility
21.4.22	CVE-2021-3970	Vulnerebility	Vulnerebility
21.4.22	SnatchCrypto	Operation	Cryptocurrency
18.4.22	PYSA Ransomware Group	Hacker Group	Ransomware
18.4.22	SolarMarker malware	Malware	Infostealer, Backdoor
17.4.22	Operation Dream Job	Operation	APT
16.4.22	Aethon TUG Home Base Server	ICS	ICS
16.4.22	Enemybot	BotNet	BotNet
16.4.22	ZLoader botnet	BotNet	BotNet
16.4.22	RedLine Stealer	Malware	Malware Stealer
16.4.22	CVE-2022-20695	Vulnerebility	Vulnerebility
16.4.22	INCONTROLLER	Malware	ICS Malware
16.4.22	PIPEDREAM	Malware	ICS Malware
16.4.22	AA22-103A	APT	ICS
16.4.22	CVE-2022-22954	Vulnerebility	Vulnerebility
14.4.22	Tarrask	Malware	Malware
14.4.22	Industroyer malware	Malware	Malware
14.4.22	Prometheus TDS	Malware	Malware Stealer
14.4.22	FFDroider	Malware	Malware Stealer
10.4.22	Reaper Botnet	BotNet	BotNet
10.4.22	BIOPASS RAT	Malware	Malware RAT
10.4.22	ShadowPad Malware	Malware	Malware
9.4.22	BlackCat group	Hacker Group	Hacker Group
9.4.22	Azerbaijanian operation	Operation	APT Espionage
9.4.22	Octo	Android Malware	Banking Malware
9.4.22	Denonia	Malware	Malware
9.4.22	Operation Bearded Barbie	Operation	APT
9.4.22	SharkBot	Android Malware	Banking Malware
9.4.22	Colibri	Malware	Malware
9.4.22	Cyclops Blink	BotNet	BotNet
6.4.22	FIN7	Cybercrime group	Cybercrime group
6.4.22	Cicada	APT	APT GROUP
6.4.22	CVE-2022-22965	Vulnerebility	Spring4Shell Vulnerebility
6.4.22	Process Manager	Android Malware	Spyware
6.4.22	El Machete, Lyceum, and SideWinder	Malware	Malware espionage
6.4.22	BlackGuard	Malware	Malware Stealer
6.4.22	TOTOLINK Vulnerabilities	Vulnerebility	Vulnerebility
2.4.22	AcidRain	Malware	Data Wiper
2.4.22	DoubleZero	Malware	Data Wiper
2.4.22	CaddyWiper	Malware	Data Wiper
2.4.22	WhisperKill	Malware	Data Wiper
2.4.22	Gh0st RAT	Malware	RAT
2.4.22	DeFiChain	Malware	Crypto Malware
2.4.22	CVE-2022-0342	Vulnerebility	Vulnerebility
2.4.22	CVE-2022-22587	Vulnerebility	IOMobileFrameBuffer
2.4.22	CVE-2022-22620	Vulnerebility	WebKit
2.4.22	Jupyter	Malware	Malware
2.4.22	Scarab	Malware	Ransomware
2.4.22	SpringShell	Vulnerebility	Vulnerebility
2.4.22	CVE-2022-0778	Vulnerebility	Vulnerebility
2.4.22	Mars Stealer	Malware	Malware Stealer
2.4.22	Oski Stealer	Malware	Malware Stealer
2.4.22	CVE-2022-22274	Vulnerebility	Vulnerebility
2.4.22	ObliqueRAT	Malware	RAT
2.4.22	CapraRAT	Malware	RAT
2.4.22	CVE-2022-1040	Vulnerebility	Vulnerebility/Exploit
2.4.22	Verblecon	Malware	Crypto Malware
2.4.22	Wslink	Malware	Malware