Weekly Threat Digest: September 30 – October 06, 2024
Summary
HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, four attacks were executed, sixteen exploited vulnerabilities were uncovered, and three active adversaries were identified. These findings highlight the growing and persistent risk posed by cyber intrusions.
A new cryptojacking operation is targeting Docker and Kubernetes environments, abusing Docker API endpoints that are exposed without authentication in order to mine cryptocurrency. The Raptor Train botnet framework, operational since mid-2020, has evolved into a highly complex, multi-layered network primarily targeting SOHO networks and IoT devices. By June 2024, the botnet had expanded significantly, amassing a database of over 1.2 million compromised devices globally.
Additionally, SloppyLemming, a sophisticated threat actor likely originating from India, has been orchestrating an advanced cyberespionage campaign across South and East Asia. Concurrently, a recent spear-phishing campaign is targeting recruiters, leveraging a JavaScript-based backdoor known as More_eggs, disguised as fraudulent job applications. These escalating threats present an immediate and critical danger to global cybersecurity.