January cyber news round-up
Cyber-espionage group infect themselves with their own malware, the NHS gets targeted by Log4Shell, the Winter Olympics app is filled with vulnerabilities and the Red Cross falls victim to a large scale cyber attack.
We may only be one month into 2022, but there is no rest for the (cyber) wicked! Check out the latest news of cyber events from across the globe this month.
UK NHS reveals ongoing attacks on VMWare Horizon servers
The security team of the UK National Health Service (NHS) has detected a threat actor using the Log4Shell vulnerability to hack VMWare Horizon servers and plant web shells for future attacks.
Log4j patches were released to fix and counter the attacks, and VMWare was one of the companies that integrated the Log4j fixes in its products. But it appears attackers are trying to identify unpatched servers despite VMWare’s attempt to make the patch widely available.
The NHS’ security team said that once the exploit has successfully run and the web shell is placed on the vulnerable server, the web shell can act as a backdoor for other malicious activities “such as deploying additional malicious software, data exfiltration, or deployment of ransomware”.
Cyber-espionage group infect themselves with their own malware
An Indian-linked cyber-espionage group, PatchWork accidentally exposed their operations to security researchers after infecting themselves with their own custom remote access trojan (RAT).
During PatchWork's most recent campaign in late November to early December, Malwarebytes Labs observed the threat actors using malicious RTF documents impersonating Pakistani authorities to infect targets with a new variant of the BADNEWS RAT, known as Ragnatela.
Ironically, all the data obtained on this group was obtained when they infected themselves with their own malware, resulting in researchers being able to view numerous actions performed by them.
Red Cross falls victim to massive cyber attack
The International Committee of the Red Cross (ICRC) has revealed it was the victim of a large-scale cyberattack in a recent statement.
In the statement, the ICRC revealed that the attack "compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention."
The ICRC said the attackers targeted an external company in Switzerland that is contracted to store data for them. Though there is no evidence so far that the compromised information has been leaked, the threat actor who carried out the attack has still not been identified.
Beijing 2022 Winter Olympics app found to have numerous privacy risks
The official app for the Beijing 2022 Winter Olympics, called ‘My 2022’, has many security flaws. The app, which is mandatory for all athletes, journalists and audience members attending the games, uses a flawed encryption. This enabled malicious actors to intercept data, including documents, audio and other files, from the app in an unencrypted format.
Domestic users are required to enter their national identification numbers, phone numbers, email addresses and employment information. Foreign users need to input their passport information, COVID-19 vaccination status, demographic data, employer and a daily health check.