Weekly Threat Digest: August 26 - September 01, 2024
Summary
HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, eleven attacks were executed, five vulnerabilities were uncovered, and three active adversaries were identified, underscoring the persistent danger of cyberattacks.
HiveForce Labs has identified that an Iranian state-sponsored threat actor, APT33, is targeting organizations in the United States and the United Arab Emirates with a new malware strain known as the Tickler backdoor. In these attacks, APT33 has leveraged Microsoft Azure infrastructure for command-and-control (C2) purposes, allowing the group to manage and maintain access to compromised systems.
Additionally, the South Korea-linked cyberespionage group APT-C-60 has been actively targeting organizations in East Asia by exploiting a zero-day vulnerability, CVE-2024-7262, in the Windows version of WPS Office. This flaw has been used to deliver the SpyGlace backdoor through phishing emails. Moreover, the Chinese APT group Volt Typhoon has been exploiting a Versa Director zero-day vulnerability, CVE-2024-39717, to deploy the VersaMem web shell, further escalating the threat landscape. These threats pose a significant and immediate risk to users worldwide.