Threat Intelligence Bulletin – Server Backdoors, Worms, and State-sponsored Threats
Chinese cloud threat actor updates toolset to breach Linux servers to install crypto miners
SessionManager malware exploits a ProxyLogon flaw to backdoor Exchange servers
- https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html
- https://www.darkreading.com/attacks-breaches/new-sessionmanager-exchange-server-backdoor-globally
Malicious NPM packages steal data from apps and web forms
AstraLocker 2.0 using Word email attachments to infect devices in smash-n-grab strategy
Proof-of-concept exploit released for CVE-2022-28219, a vulnerability in the Zoho ManageEngine ADAudit Plus tool that can lead to RCE and compromise of Active Directory accounts
Microsoft details Raspberry Robin Windows worm which spreads via USB devices with a malicious .LNK file, seen in many organizations across various industries
Hive ransomware switches from Go to Rust, becoming more robust and prolific
Threat actors using legitimate adversary simulation software BRc4 to evade detection
Maintainers of OpenSSL release patches for high-severity RCE bug (CVE-2022-2274)
RedAlert ransomware campaign targeting corporate Windows and Linux VMware ESXi servers
State-sponsored threat actors targeting healthcare organizations using Maui ransomware
Possible state-sponsored threat group attacking corporate email environments by targeting trusted systems that do not support security software like AV or endpoint protection