Cyber Weekly Digest - 2022 Week #2

Updated: Jan 21

In this week's Cyber Weekly Digest, find out about the biggest cyber security stories, including ransomware gang arrests in Ukraine and the latest Microsoft Patch Tuesday, which fixed six zero-day vulnerabilities. Keep reading to stay up to date on the latest cyber security news.

1. Attackers take over a Russian Ministry of Foreign Affairs employee's email account to carry out spear-phishing attacks.

Threat actors believed to work for the North Korean government have compromised the email account of a Russian Ministry of Foreign Affairs employee and used it to send spear-phishing emails to the country's diplomats in other regions. Researchers found that the spear-phishing campaign has been active since at least October. The attackers are using it to deploy Konni malware, a remote administration tool associated with the North Korean threat group tracked as APT37. The attackers used a New Year theme as a decoy in emails to staff at the Russian embassy in Indonesia.

2. Microsoft's January Patch Tuesday fixes 97 vulnerabilities.

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update. Nine of them are rated critical, and six are listed as publicly known zero-days. None of the zero-days are listed as being actively exploited, though two of them have public exploit code available. This Patch Tuesday is an unusually large update for January; researchers noted that January updates are typically half the size.

3. Threat hunters release details on the Patchwork threat group after the group infects itself with its own trojan.

Threat hunters have released details on the tactics, techniques, and procedures used by an Indian-origin threat group called Patchwork. The details focus on a recent campaign that started in November and targeted Pakistani government entities and individuals. Ironically, the hunters were able to gather the information because the threat actor had infected itself with its own remote access trojan, allowing the hunters to capture the group's keystrokes and screenshots. In the latest campaign, the attackers lure potential targets with RTF documents impersonating Pakistani authorities in order to deploy a new variant of the BADNEWS trojan called Ragnatela.