May 19, 2022

Weekly Threat Digest: 9-15 May 2022

For a detailed threat digest, download the pdf file here

Published VulnerabilitiesInteresting VulnerabilitiesActive Threat GroupsTargeted CountriesTargeted IndustriesATT&CK TTPs

The second week of May 2022 witnessed the discovery of  650 vulnerabilities out of which 3 gained the attention of Threat Actors and security researchers worldwide. All 3 of them are zero days. Hive Pro Threat Research Team has curated a list of 3 CVEs that require immediate action.

Further, we also observed Threat Actor groups being highly active in the last week. Oilrig, an Iranian threat actor group popular for Information theft and espionage, was observed targeting Jordan with phishing emails. Common TTPs which could potentially be exploited by these threat actors or CVEs can be found in the detailed section.

Detailed Report:

Interesting Vulnerabilities:
VendorCVEsPatch Link

*zero-day vulnerability

Active Actors:

OilRig (APT 34, Helix Kitten, Twisted Kitten, Crambus ,
Chrysene, Cobalt Gypsy, TA452, IRN2, ATK 40, ITG13)
IranInformation theft and espionage

Targeted Location:

Targeted Sectors:

Common TTPs:

TA0042: Resource DevelopmentTA0001: Initial AccessTA0002: ExecutionTA0005: Defense EvasionTA0007: DiscoveryTA0011: Command and ControlTA0010: ExfiltrationTA0006: Credential Access
T1588: Obtain CapabilitiesT1190: Exploit Public-Facing ApplicationT1059: Command and Scripting InterpreterT1480: Execution GuardrailsT1087: Account DiscoveryT1071: Application Layer ProtocolT1041: Exfiltration Over C2 ChannelT1557: Adversary-in-the-Middle
T1588.006: VulnerabilitiesT1059.001: PowerShellT1087.001: Local AccountT1071.004: DNS
T1059.003: Windows Command ShellT1083: File and Directory DiscoveryT1132: Data Encoding
T1053: Scheduled Task/JobT1049: System Network Connections DiscoveryT1132.002: Non-Standard Encoding
T1053.005: Scheduled TaskT1568: Dynamic Resolution
T1204: User ExecutionT1568.002: Domain Generation Algorithms
T1204.002: Malicious File
T1047: Windows Management Instrumentation

Threat Advisories:

Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday

OilRig is back with another Phishing Email attack, delivering the Saitama Backdoor

Related Events

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo