The Jet CSIRT experts have put together the key information security news of the week for you again. Topping the TOP-3 was the news about the operators of the ransomware REvil, who extort a record $ 50 million from Acer. Also in the collection is the discovery of the APT group that attacked SolarWinds, and the first successful attacks on F5 BIG-IP and BIG-IQ through the CVE-2021-22986 vulnerability. The top three news were collected by Alexander Akhremchik, leading analyst of the Center for Monitoring and Response to Incidents of Information Security Jet CSIRT, Jet Infosystems.
BleepingComputer reported that information about the auction of documents stolen from Acer was published on one of the hacker forums. Among the stolen documents are financial statements and banking communications. Employees of the French edition LegMagIT managed to find out that the operators of the ransomware REvil were behind the attack on Acer. At the moment, the criminals are demanding a record $ 50 million from the affected company. At the same time, according to ransom-note, this price will double on March 28.
Information security experts from Prodraft have published a report detailing the investigation into the activities of a new APT group, which they named SilverFish. Prodraft experts say they have been able to gain access to attackers’ servers and malicious samples that link SilverFish to the SolarWinds attack. At the same time, some of these servers are also used by the EvilCorp group, which distributes the Dridex and WastedLocker malware.
NCC Group specialists have published information on the identification of the first successful attacks on F5 BIG-IP and BIG-IQ solutions through the CVE-2021-22986 vulnerability. This vulnerability was previously reported by the vendor itself. This CVE allows remote execution of arbitrary code via the iControl REST API in F5 products.