
Over the past two weeks, we saw that Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. In addition, a team of researchers from China’s Pangu Lab on Wednesday published a 50-page report detailing a piece of Linux malware.

For more articles, check out our #onpatrol4malware blog.

SHIELDS UP

Source: CISA

While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine has involved cyber-attacks on Ukrainian government and critical infrastructure organizations. Read more.

SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors

Source: Unit42

SockDetour is a custom backdoor designed to serve as a backup backdoor in case the primary one is removed. It is difficult to detect because it operates filelessly and socketlessly on compromised Windows servers. Read more.

Chinese Researchers Detail Linux Backdoor of NSA-Linked Equation Group

Source: Securityweek

A team of researchers from China’s Pangu Lab on Wednesday published a 50-page report detailing a piece of Linux malware. Read more.

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

Source: SentinelLabs

On February 23rd, our friends at Symantec and ESET research tweeted hashes associated with a wiper attack in Ukraine, including one which is not publicly available as of this writing. Read more.

New Sandworm malware Cyclops Blink replaces VPNFilter

Source: NCSC

Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. Read more.

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Source: CISA

FBI, CISA, CNMF, and NCSC-UK have observed the Iranian government-sponsored MuddyWater APT group employing spearphishing, exploiting publicly known vulnerabilities, and leveraging multiple open-source tools to gain access to sensitive government and commercial networks. Read more.