Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

LockBit ransomware returns, restores servers after police disruption

On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication admitting that “personal negligence and irresponsibility” led to law enforcement disrupting its activity in Operation Cronos. Read more.

A Cyber Attack Hit The Royal Canadian Mounted Police

Source: Security Affairs

The Canadian government declared that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. Read more.

Russian hackers shift to cloud attacks, US and allies warn

APT29’s initial cloud breach vectors also include the use of stolen access tokens that enable them to hijack accounts without using credentials, compromised residential routers to proxy their malicious activity, MFA fatigue to bypass multi-factor authentication (MFA), and registering their own devices as new devices on the victims’ cloud tenants. Read more.

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise shared the existence of the two flaws on Monday (February 19), when it said that they’ve been reported through their vulnerability disclosure channel via the ConnectWise Trust Center, and urged customers that are self-hosted or on-premise to update their servers to version 23.9.8 as soon as possible. Read more.

Feds remove Ubiquiti router botnet used by Russian intelligence

Source: SC Media

The botnet was built by cybercriminals outside the GRU who initially installed Moobot malware on Ubiquiti Edge OS routers that could be compromised because they used publicly known default administrator passwords. Read more.

Earth Preta Campaign Uses DOPLUGS to Target Asia

In this blog entry, we focus on the Earth Preta campaign, providing an analysis of the DOPLUGS malware variant that the group used, including backdoor command behavior, integration with the KillSomeOne module, and its evolution. Read more.

Migo – a Redis Miner with Novel System Weakening Techniques

Source: CADO

The malware, named Migo by the developers, aims to compromise Redis servers for the purpose of mining cryptocurrency on the underlying Linux host. Read more.

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

We have observed evidence that the distribution campaigns for these malware families are related, with Astaroth and Mekotio being distributed under the same Google Cloud Project and Google Cloud storage bucket. Ousaban is also being dropped as part of the Astaroth infection process. Read more.

How BRICS Got “Rug Pulled” – Crypto Counterfeiting Is On The Rise

Source: Resecurity

A notable example of this deceptive practice is the emergence of a counterfeit token named ‘BRICS’ recently detected by Resecurity, which exploited the focus on the investment interest and potential expansion of the BRICS intergovernmental organization, comprising countries like Brazil, Russia, India, China, South Africa, Egypt, Ethiopia, Iran, and the United Arab Emirates. Read more.

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

Source: The Hacker News

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram, X (formerly Twitter), YouTube, Skype, GitHub, Reddit, Google, LinkedIn, Quora, Tumblr, VK, Flickr, TikTok, SnapChat, Gettr, Viber, Twitch, and Telegram. Read more.