Take a look at the latest Cyber Weekly Digest for a rundown of some of the biggest cyber security news stories of the week, including the threat actors who breached the US Government by utilising the Log4Shell exploit. Keep reading to stay up to date on the latest cyber security stories.
An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the ‘IceXLoader’ malware. The authors of IceXLoader, a malware loader first spotted in the wild this summer, have released version 3.3.3, which enhances the tool’s functionality and introduces a multi-stage delivery chain. The chain starts with a ZIP file, delivered by phishing email, that contains the first-stage extractor. The extractor creates a hidden temp folder and drops an executable into it. That executable then downloads a PNG file, which is converted into an obfuscated DLL: the IceXLoader payload. The loader then checks whether it is running in a sandbox before proceeding to process hollowing. The security researchers have informed the affected companies of the exposure, but the database continues to receive new entries daily.
Russian hacktivists have infected multiple organisations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems. The Computer Emergency Response Team of Ukraine (CERT-UA) has confirmed the outbreak in an announcement on its portal, attributing the attacks to ‘From Russia with Love’ (FRwL), also known as ‘Z-Team,’ which it tracks as UAC-0118. The group previously disclosed its Somnia ransomware on Telegram and even posted evidence of attacks against tank producers in Ukraine. According to CERT-UA, the group uses fake websites offering counterfeit tools such as the “Advanced IP Scanner” software to trick employees of Ukrainian organisations into downloading an installer. Somnia does not ask victims to pay a ransom in exchange for a working decryptor, as its operators are more interested in disrupting their targets than in generating revenue. This means the malware is better classified as a data wiper than as traditional ransomware.