Threat Intelligence Bulletin – Russian Threat Actors, Leveraging Public Cloud Storage, and Cross-platform Capabilities with Rust
Netwrix Auditor application contains a security vulnerability leading to arbitrary code execution in an Active Directory domain if successfully exploited
VoIP phones utilizing Digium software and Elastix server software targeted to drop web shells
New method of leaking information across air gaps uses SATA (Serial ATA) cables
CloudMensis spyware targeting Apple macOS using public cloud storage services to receive attack commands and exfiltrate files
Russian state-sponsored group APT29 attributed to new phishing campaign leveraging Google Drive and Dropbox to deliver malicious payloads
8220 crypto mining group grows to control 30,000 infected hosts
New Russian ransomware written in Rust dubbed “Luna” can encrypt Windows, Linux, and ESXi systems
Detailed information regarding exploitation of Windows RCE vulnerability in Network File System (CVE-2022-30136)
Longer read on how to abuse Duo misconfigurations in Windows and Active Directory