Over the past two weeks we saw that in February 2022, CISA, the FBI, the U.S. CCNMF, the United Kingdom’s NCSC-UK, and NSA released a joint statement on their observations of the Iranian government-sponsored APT MuddyWater and its malicious cyber activity. MuddyWater is known for cyber espionage, as well as other cybercriminal operations, as part of Iran’s Ministry of Intelligence and Security.
For more articles, check out our #onpatrol4malware blog.
Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons
Source: FBI
The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer. Read more.
Hive Ransomware Analysis
Source: Varonis
During a recent engagement with a customer, the Varonis Forensics Team investigated a ransomware incident. Multiple devices and file servers were compromised and encrypted by a malicious threat group known as Hive. Read more.
Malware in e-mail on the rise
Source: Kaspersky
A malicious spam campaign targeting organizations grew 10-fold in a month, spreading the Qbot and Emotet malware. Experts have detected significant growth in complex malicious spam e-mails targeting organizations in various countries. Read more.
TeamTNT targeting AWS, Alibaba
Source: CISCO TALOS
According to Cisco’s intelligence partner, the malware author modified these tools after they became aware that security researchers published the previous version of their scripts. Read more.
An in-depth look at Iranian APT “MuddyWater”
Source: AVERTIUM
MuddyWater is known for cyber espionage, as well as other cybercriminal operations, as part of Iran’s Ministry of Intelligence and Security. CISA, the FBI, the U.S. CCNMF, NCSC-UK, and NSA released a joint statement regarding their observation of the Iranian government-sponsored APT MuddyWater. Read more.
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
Source: BROADCOM
This Russia-linked group is continually refining its malware and often deploys multiple payloads to maximize its chances of maintaining a persistent presence on targeted networks. Read more.
US warns of APT groups that can “gain full system access” to some industrial control systems
Source: Malwarebytes Labs
Multiple US federal government agencies have released a joint advisory about this toolkit, dubbed PipeDream. It features one-of-a-kind tools designed to work against industrial control systems. Read more.
Blinding Snort: Breaking the Modbus OT Preprocessor
Source: Claroty
Snort is largely used passively on the network, but it can also take action on malicious packets, making it a powerful detection tool for defenders. Read more.