TOP-3 cybersecurity events of the week according to Jet CSIRT

Today is Friday, which means Jet CSIRT specialists have once again collected the key information security news of the week. This time in the TOP-3: new attacks using the leaked Babuk Locker ransomware builder, a vulnerability in the Windows Print Spooler, and a cyber-espionage campaign aimed at government agencies in Asian countries. The news was selected by Igor Fitz, analyst at the Jet CSIRT security monitoring and incident response center, Jet Infosystems.
Read more under the cut.

Babuk Locker ransomware builder used in new attacks

Last week, security researcher Kevin Beaumont discovered that someone had uploaded the Babuk Locker ransomware builder to VirusTotal. Once the builder had leaked, an attacker started using it in attacks on individual users: the operator uses a Tutanota email address and demands a $210 ransom. Note that the creators of Babuk Locker had announced they were ceasing ransomware operations after the high-profile attack on the Washington, D.C. police department.

Chinese APT group attacked government agencies of Asian countries

A team of Check Point researchers uncovered an ongoing phishing campaign targeting the Afghan government. Further investigation revealed that the attackers had also targeted Kyrgyzstan and Uzbekistan. The group suspected of the cyber-espionage operation is APT IndigoZebra, which the researchers attribute to China. Infection was carried out via phishing emails whose attachment contained a dropper that installed the BoxCaon backdoor. It is also known that in the attack on the Afghan government Dropbox was used as the command-and-control server, which made the attackers harder to detect: C2 traffic to a legitimate cloud service blends in with normal user activity and is rarely blocked at the perimeter.

0-day vulnerability found in Windows Print Spooler

Researchers at the Chinese security company Sangfor published a PoC exploit for the PrintNightmare vulnerability in the Windows Print Spooler. The PoC was originally believed to target CVE-2021-1675, which Microsoft patched in June, but it turned out to exploit a separate, unpatched flaw (CVE-2021-34527) that lets an authenticated remote user run code as SYSTEM and take full control of the targeted system. Until a patch is available, we recommend disabling the Windows Print Spooler service (spoolsv.exe) on domain controllers and on any host that does not need to print.
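The following PowerShell snippet is an added example for applying that recommendation; it is not part of the original digest or of any vendor guidance quoted here. It audits the Spooler service, treats a host as a domain controller when its `Win32_ComputerSystem.DomainRole` is 4 or 5, and disables the service on domain controllers or when the operator passes the assumed `-NonPrintingHost` switch. Run it in an elevated session.

```powershell
# Added example (not from the original post). Audit and, where appropriate,
# disable the Print Spooler service as a PrintNightmare workaround.
# -NonPrintingHost is an assumed switch: set it on servers/workstations that
# never print; domain controllers are disabled unconditionally.
function Disable-SpoolerIfUnneeded {
    [CmdletBinding()]
    param(
        [switch]$NonPrintingHost
    )

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Host "Spooler service is not installed on this host."
        return
    }
    Write-Host ("Before: Status={0} StartType={1}" -f $svc.Status, $svc.StartType)

    # DomainRole 4 = backup domain controller, 5 = primary domain controller
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDC = $role -ge 4

    if (-not ($isDC -or $NonPrintingHost)) {
        Write-Warning "Host is not a DC and -NonPrintingHost was not given; leaving Spooler as is."
        return
    }

    # Stop the running process and prevent it from coming back after reboot.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name Spooler -Force
    }
    Set-Service -Name Spooler -StartupType Disabled

    # Verify the result rather than trusting the commands above.
    $after = Get-Service -Name Spooler
    Write-Host ("After:  Status={0} StartType={1} (DC={2})" -f $after.Status, $after.StartType, $isDC)
    if ($after.Status -ne 'Stopped' -or $after.StartType -ne 'Disabled') {
        Write-Error "Spooler is still enabled; investigate before considering this host mitigated."
    }
}

# Example calls:
#   Disable-SpoolerIfUnneeded                    # acts only on domain controllers
#   Disable-SpoolerIfUnneeded -NonPrintingHost   # also disables on a member server
```

Disabling the service also stops local printing and, on domain controllers, printer pruning from Active Directory, so inventory which hosts genuinely print before rolling this out. For hosts that must keep printing locally, Microsoft's alternative workaround for CVE-2021-34527 is to block inbound remote printing through the Group Policy setting "Allow Print Spooler to accept client connections" (set to Disabled), which removes the remote attack vector while leaving the local print path intact.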
