3rd March, 2023
WHSmith Staff Data Hit by Cyber-Attack
British high street retailer WHSmith has confirmed that it has been hit by a cyber attack which resulted in the theft of company data. The company has advised that current and former employee data was accessed during the attack, including names, addresses, dates of birth and National Insurance numbers. This attack against WHSmith is the latest in an ever-increasing number of attacks against well-known high street chains based in the UK. This trend is expected to continue, and recent reports suggest that over a quarter of UK business leaders anticipate that the frequency of cyber attacks will increase significantly this year.
New EX-22 Tool Being Sold For $5000 For A Lifetime Subscription
A new post-exploitation framework known as EXFILTRATOR-22 (EX-22) has been discovered; it is designed to deploy ransomware within enterprise networks while evading detection. The tool has several capabilities, including establishing a reverse shell, logging keystrokes, launching ransomware and conducting lateral movement. It can persist across system reboots, generate cryptographic hashes of files and extract authentication tokens. The cybersecurity firm CYFIRMA believes that the creators of this malware are operating from North, East or Southeast Asia and are likely former affiliates of the LockBit ransomware operation.
Law Firms Being Targeted By GootLoader And FakeUpdates Malware
Cryptocurrency Firms Are Being Targeted By New Parallax RAT
Cryptocurrency companies are being targeted in a new campaign that uses a remote access trojan (RAT) called Parallax RAT to gain remote access to victim machines. Parallax RAT can upload and download files, record keystrokes and screen captures, and access data stored in the clipboard. Attackers are using Notepad to communicate with victims and instructing them to connect to an actor-controlled Telegram channel. The campaign is particularly focused on cryptocurrency companies, and the RAT is delivered via phishing emails carrying the malware. The use of Telegram is also concerning, as the platform has become a hub for criminal activity due to lax moderation.
Threat Actors Target ManageEngine CVE-2022-47966
Bitdefender Labs report that since January 20th, 2023 there has been a global increase in attacks against the ManageEngine vulnerability CVE-2022-47966, a Remote Code Execution (RCE) vulnerability found in 24 Zoho/ManageEngine products. Based on their research there are up to 4,000 internet-facing servers affected and still unpatched. The vulnerability allows unauthenticated remote code execution; the underlying cause is an outdated third-party component containing a 15-year-old vulnerability. Telesoft's Cyber Analysts have been carrying out targeted threat hunts for our customers who use ManageEngine products, based on the Indicators of Compromise (IoCs) available.
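The threat hunt described above comes down to sweeping existing telemetry for the published indicators. The following is an added illustration of that step, not Telesoft's or Bitdefender's own tooling: the digest does not reproduce the IoC list, so the indicators below are constructed placeholders (RFC 5737 documentation IPs, an `.example` domain, a dummy SHA-256), and the log lines are constructed samples in an assumed `key=value` format rather than output of any real product.

```python
"""Sweep log lines for indicator-of-compromise (IoC) matches.

Added example for a generic IoC hunt. The IoC values and log lines are
constructed placeholders, not indicators from any vendor report.
"""
import re
from collections import defaultdict

# Placeholder IoCs (assumption: a real hunt would load the vendor's list here).
IOC_SET = {
    "ip": {"203.0.113.45", "198.51.100.7"},      # RFC 5737 documentation ranges
    "domain": {"placeholder-c2.example"},        # reserved .example TLD
    "sha256": {"a" * 64},                        # dummy hash
}

# Constructed sample telemetry: web access, DNS and endpoint file-hash records.
SAMPLE_LOGS = [
    "2023-01-21T03:14:07Z web src=203.0.113.45 method=POST uri=/login status=200",
    "2023-01-21T03:14:09Z web src=192.0.2.10 method=GET uri=/index.html status=200",
    "2023-01-21T03:15:02Z dns client=10.0.0.5 query=placeholder-c2.example",
    "2023-01-21T03:16:44Z edr host=app01 file=/tmp/x sha256=" + "a" * 64,
    "2023-01-21T03:17:01Z edr host=app02 file=/opt/app.jar sha256=" + "b" * 64,
]

# Loose extractors: pull every candidate atom out of a line, then intersect
# with the IoC sets so the match itself is exact rather than regex-fuzzy.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def extract_candidates(line):
    """Return candidate IPs, hashes and domains found in one log line."""
    lower = line.lower()
    ips = set(IP_RE.findall(lower))
    return {
        "ip": ips,
        "sha256": set(SHA256_RE.findall(lower)),
        # drop dotted quads so an IP is never treated as a domain candidate
        "domain": set(DOMAIN_RE.findall(lower)) - ips,
    }


def sweep(lines, iocs=IOC_SET):
    """Return (line_number, ioc_type, indicator) for every exact IoC hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        candidates = extract_candidates(line)
        for kind, values in candidates.items():
            for match in sorted(values & iocs.get(kind, set())):
                hits.append((number, kind, match))
    return hits


def summarize(hits):
    """Count hits per indicator type, e.g. {'ip': 1, 'domain': 1}."""
    per_type = defaultdict(int)
    for _, kind, _ in hits:
        per_type[kind] += 1
    return dict(per_type)


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS)
    for number, kind, value in found:
        print(f"line {number}: {kind} match {value}")
    print(summarize(found))
```

Exact set intersection on extracted atoms keeps the sweep cheap and avoids partial-string false positives (an IoC of `10.0.0.5` will not fire on `10.0.0.50`); in practice the same loop would read from the SIEM or EDR export rather than an in-memory list, and each hit would be pivoted on (source host, time window, adjacent events) before being treated as a confirmed compromise.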