25 Feb, 2021

Cyber Security Events of the Month

China-Linked APT31 Cloned and Used an NSA Hacking Tool:

Security researchers reported that APT31 cloned and reused a Windows hacking tool for years before Microsoft fixed the vulnerability it exploited. According to Check Point Research, APT31, a hacking group affiliated with China, copied and used a National Security Agency (NSA) hacking tool years before Microsoft patched the vulnerability. Researchers found evidence that APT31 was able to obtain and clone a Windows hacking tool attributed to the Equation Group, an operation uncovered by Kaspersky in 2015. The Equation Group, which has carried out effective attacks around the world, is thought to have been active since 2001 and is believed to be tied to the NSA's Tailored Access Operations (TAO) unit. Both the US and China-linked versions of the tool exploit CVE-2017-0005, a then-unknown Windows privilege escalation vulnerability that had previously been associated with APT31. The APT group was found to have been using its own version of the tool, which the researchers named "Jian", since at least 2015 and until Microsoft fixed the vulnerability in 2017.

Source: darkreading.com

FireEye has attributed the zero-day attacks on FTA servers to the FIN11 group.

Cyber security firm FireEye said in a statement that the attacks exploiting zero-day vulnerabilities in Accellion FTA servers, which hit nearly 100 companies around the world in December 2020 and January 2021, were carried out by a cybercriminal group known as FIN11. During the attacks, the hackers exploited four vulnerabilities in the FTA servers to install a web shell called DEWMODE, which the attackers used to download files stored, unencrypted, on the victims' devices. "From a total of nearly 300 clients, fewer than 100 were victims of the attack," Accellion said in a press release today. "Of this group, fewer than 25 appear to have suffered significant data theft."

Source: zdnet.com

FedEx Phishing Attack

10,000 Microsoft email users targeted. Microsoft users have been receiving emails that appear to come from FedEx and DHL Express, but the messages are not genuine: they are phishing attacks aimed at stealing credentials. Researchers warn that the campaigns target at least 10,000 Microsoft email users and impersonate well-known brands including FedEx and DHL Express. Both scams target Microsoft email users and aim to steal business email account credentials. They were also found to use phishing pages hosted on legitimate domains, including pages on Quip and Google Firebase. "The email headers, sender names, and content were enough to disguise their true intentions and make victims think the emails really came from FedEx and DHL Express, respectively," researchers from Armorblox said on Tuesday.

Source: threatpost.com

30,000 Macs infected with new Silver Sparrow malware.

Silver Sparrow was discovered by Red Canary security researchers and analyzed together with researchers from Malwarebytes and VMware Carbon Black. "According to data provided by Malwarebytes, Silver Sparrow has infected 29,139 macOS endpoints in 153 countries as of February 17, affecting users in the United States, United Kingdom, Canada, France and Germany," wrote Tony Lambert of Red Canary. A report released last week shared details of how the malware infects users, but despite the number of infections it is still unclear how Silver Sparrow is distributed, whether through malicious ads, pirated apps or fake Flash updaters. The malware's ultimate purpose is also still unknown to the researchers.

Source: zdnet.com

VMware ESXi and vSphere Vulnerability

VMware has published an advisory for multiple critical vulnerabilities in ESXi and the vSphere Client (HTML5), including CVE-2021-21972. Updates are available to fix these vulnerabilities in the affected VMware products.

Source: vmware.com
