Lazarus equips two new remote-access trojan weapons
The Lazarus group is using two new remote access trojans (RATs) in attacks that exploit ManageEngine vulnerabilities in health systems.
The group recently made headlines after targeting healthcare entities in Europe and the US and has since evolved its malware to exploit the CVE-2022-47966 vulnerability in the ManageEngine setup, allowing for remote code execution.
Its new RAT variants, QuiteRAT and CollectionRAT, allow the attacker to run arbitrary commands, among other capabilities.
600x jump in P2PInfect cases warrants concern
Researchers have warned about P2PInfect, a peer-to-peer (P2P) worm, following a surge in its activity since late August this year.
Reports say that investigators recorded a ‘600x jump’ in its activity between 12 and 19 September. The increase in attacks suggests the malware’s developers are now operating at an ‘extremely high development cadence’.
US authorities warn against ransomware-as-a-service operation
A ransomware-as-a-service operation, called Snatch, has made headlines after warnings were issued by the Federal Bureau of Investigation (FBI) and US Cybersecurity and Infrastructure Security Agency (CISA) about the group.
The gang has been involved in acts of double extortion, meaning that they don’t just encrypt data and demand ransoms but also exfiltrate the data, threatening to sell or publish it should their extortion demands not be met.