Attacks, Vulnerabilities and Actors 08 to 14 July 2024
Summary
HiveForce Labs recently made several significant discoveries in the realm of
cybersecurity threats. In the past week alone, a total of five attacks were executed, nine
vulnerabilities were uncovered, and two active adversaries were identified. These
findings underscore the persistent danger of cyberattacks.
Additionally, HiveForce Labs uncovered a newly emerged cyber threat actor,
CRYSTALRAY, which employs advanced tactics and tools to steal credentials and deploy
cryptocurrency miners. CRYSTALRAY is motivated by collecting and selling credentials,
deploying cryptominers, and maintaining persistence in victim environments. The threat
actor leverages several open-source software (OSS) tools, including zmap, asn, httpx,
nuclei, platypus, and SSH-Snake, to facilitate its malicious activities.
Furthermore, Eldorado, a new Golang-based ransomware, targets both Windows and
VMware ESXi virtual machines. It has already claimed 16 victims in the U.S., affecting
sectors such as real estate, education, healthcare, and manufacturing. Eldorado avoids
encrypting critical system files so that the system remains usable, and it self-deletes
after encryption to cover its tracks. These rising attacks present a significant and
immediate threat to users globally.