Over the past two weeks, we saw that Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. In addition, A team of researchers from China’s Pangu Lab on Wednesday published a 50-page report detailing a piece of Linux malware.
For more articles, check out our #onpatrol4malware blog.
SHIELDS UP
Source: CISA
While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations. Read more.
SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
Source: Unit42
A custom backdoor, SockDetour is designed to serve as a backup backdoor in case the primary one is removed. It is difficult to detect since it operates filelessly and socketlessly on compromised Windows servers. Read more.
Chinese Researchers Detail Linux Backdoor of NSA-Linked Equation Group
Source: Securityweek
A team of researchers from China’s Pangu Lab on Wednesday published a 50-page report detailing a piece of Linux malware. Read more.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
Source: SentinelLabs
On February 23rd, our friends at Symantec and ESET research tweeted hashes associated with a wiper attack in Ukraine, including one which is not publicly available as of this writing. Read more.
New Sandworm malware Cyclops Blink replaces VPNFilter
Source: NCSC
Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office (SOHO) routers, and network-attached storage (NAS) devices. Read more.
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
Source: CISA
FBI, CISA, CNMF, and NCSC-UK have observed the Iranian government-sponsored MuddyWater APT group employing spearphishing, exploiting publicly known vulnerabilities, and leveraging multiple open-source tools to gain access to sensitive government and commercial networks. Read more.