15 Dec 23
Cyber Threat Roundup
A collection of recent open-source items of interest to the Defense Industrial Base
|
116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
Cybersecurity researchers identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both. The packages are estimated to have been downloaded over 10,000 times since May 2023.
https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html
|
BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
Resecurity’s HUNTER unit spotted the BianLian, White Rabbit, and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly traded financial services firms. The attack leveraged multiple residential IP proxies based in the APAC region. The bad actors used Business Email Compromise (BEC) as the vector to deliver their ransom payment demands anonymously, sending them from compromised e-mail accounts belonging to other organizations to further complicate the investigation.
https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html
|
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. The malware uses NKN technology for data exchange between peers, functions as a potent implant, and is equipped with both flooder and backdoor capabilities. NKAbuse leverages blockchain technology to conduct distributed denial-of-service (DDoS) attacks and function as an implant inside compromised systems. The malware is implemented in the Go programming language, and evidence points to it being used primarily to single out Linux systems, including IoT devices.
https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html
|
Ubiquiti Users Report Having Access to Others’ UniFi Routers, Cameras
Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people’s devices and notifications through the company's UniFi cloud services. Ubiquiti has issued a statement saying that the bug allowing access to other customers' devices was caused by a misconfiguration in an upgrade to the UniFi cloud infrastructure. Ubiquiti says this issue occurred on December 13, between 6:47 AM and 3:45 PM UTC, and has since been fixed.
https://www.bleepingcomputer.com/news/security/ubiquiti-users-report-having-access-to-others-unifi-routers-cameras/