August 16, 2022
Hydrox: A new wiper attacks
Hydrox was first spotted by Twitter user Petrovich on July 29, 2022. On August 3, EnigmaSoft described this threat as destructive malware that actually wipes users' data. That conclusion was drawn from its “ransom note”, which contained no credentials or links for paying the ransom.
July 26, 2022
Symbiote: A new stealthy malware for Linux
Symbiote is a new Linux malware that steals users’ data and provides a backdoor to threat actors. It was discovered in June 2022 and is characterized as very stealthy. It uses many evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it via DNS.
July 22, 2022
CloudMensis: a new macOS threat
In April 2022, ESET researchers found a previously unknown backdoor on macOS. It was named CloudMensis because it uses several public cloud storage services for C2 communication. CloudMensis looks for different types of documents, captures keyboard input, searches local emails and can take screen captures.
June 30, 2022
Details about ZingoStealer: The new, free malware-as-a-service variant
On March 18, 2022, the Telegram public group published a post detailing the release of a new version of malware, a Windows data stealer called ZingoStealer. The group created a chat bot to field information requests, deliver further details, and even serve downloads of ZingoStealer. Later, the developer announced that cryptomining functionality had been added to the stealer to maximize profits from its operations.
June 28, 2022
Important details about BlackCat: The new version of the ALPHV ransomware-as-a-service
On March 16, 2022, security specialists identified a new version of BlackCat ransomware (so named because the software displays a black cat on the victim’s payment site). These experts also noted that some earlier YARA rules no longer match the new samples, which will make malicious files harder to find.
April 22, 2022
HermeticWiper and HermeticRansom delivered via Active Directory GPO
On February 23, 2022, a new data wiper and ransomware were deployed on a large number of devices in Ukraine, as ESET Research reported on Twitter. Shortly before this, several Ukrainian government sites and services were subjected to DDoS attacks. Cybersecurity specialists discovered that the malware was deployed via Microsoft Active Directory GPO.
In addition to the disk wiper and ransomware, a worm component was deploy
March 16, 2022
WhisperGate malware targets Ukrainian government sites
Multiple government sites in Ukraine were shut down on January 13, 2022, the result of a large-scale cyberattack by the WhisperGate malware. Microsoft Intelligence named this activity "DEV-0586" and identified it as destructive malware designed to look like ransomware. Its main purpose is to disrupt the system and damage files beyond recovery.
November 30, 2021
VenomRAT: A remote access tool with dangerous consequences
The first mentions of VenomRAT started to appear in June 2020. By analyzing the code, analysts concluded that this new threat is a modified fork of Quasar RAT. The malware was introduced on malware-oriented forums, in posts advertising it as an effective tool for remotely accessing computers for $150 per month.
November 26, 2021
Trojan-as-a-service: From Formbook to XLoader
Discovered in 2016, Formbook appeared on underground forums, advertised as an infostealer for Windows. In October 2020, Formbook was renamed XLoader; according to its developers, it keeps the same features but improves on the previous version. XLoader can steal users’ information from various browsers, email clients and messengers, and is available to cybercriminals as a service.
November 19, 2021
Malware analysis: SkinnyBoy hits military, government organizations
In June 2021, military and government institutions were attacked using malware called SkinnyBoy. The malicious implant is attributed to the APT28 group, also known as Pawn Storm, Fancy Bear or Strontium. This group has been known since the mid-‘00s for cyber espionage operations, including attacks on NATO allies and organizations in the energy and transportation sectors as well as the 2016 U.S. presidential election.
May 19, 2021
New attack vectors for the DarkSide ransomware gang
DarkSide stands out from other ransomware as a service (RaaS) threats, as one of its attack vectors is based on the Zloader botnet (also known as “Silent Night”). It has also been delivered through compromised third-party service providers.
May 13, 2021
N3TWoRM hackers published exfiltrated data from Israeli companies
On Sunday, May 2, the cybercriminal group N3TWoRM attacked the computer networks of the international clothing retailer H&M in Israel and threatened to release customer data.