CyberIntelMag's Threat report

Weekly Cyber Threat Report, February 21 – February 25, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

The good news: This week’s good news includes Ukrainian cyberpolice catching phishing gang that steals credit card data, Nigerian hacker admitting stealing payroll payments and entering the guilty plea, White House denying cyberattacks on Russia, AWS launching a new security tool, and much more.

  • Ukraine’s cyberpolice caught a gang of phishing actors who stole payment card information from at least 70,000 clients by duping them into accessing fake mobile service top-up sites.
  • In these difficult conditions, European Union countries have agreed to provide cyber-defense assistance to Ukraine in combating potential cyber-attacks from Russia.
  • Charles Onus, a Nigerian native, pled guilty to hacking into a payroll company’s user accounts and stealing payroll payments. He was involved in a scheme that encompassed diverting payroll deposits by routing salary payments to his debit cards and taking over user accounts of business employees across the US.
  • Amazon Web Services (AWS) has developed Ghostbuster, an open-source security tool that will detect hanging elastic IP takeovers in a “fool-proof way.”
  • The White House has denied that Vice President Joe Biden has granted his approval for significant cyberattacks on Russia to impede the country’s ability to maintain its military operations in Ukraine.


The bad news: This week’s bad news includes PseudoManuscrypt malware that targets Koreans is spreading like CryptBot, Chinese hackers launching supply chain attacks on the financial trading sector of Taiwan, AirTag clone surpassing tracking-protection mechanisms of Apple, Cuba ransomware being installed on Microsoft Exchange servers, and much more.

  • PseudoManuscrypt, a botnet, has been attacking Windows devices in South Korea since May 2021. The distribution method it follows to spread is similar to another malware called CryptBot.
  • The non-fungible token (NFT) marketplace OpenSea investigates a phishing attempt that led to 17 of its customers losing over 250 NFTs worth over $2 million.
  • An advanced persistent threat (APT) outfit with ties to the Chinese government has been blamed for a coordinated supply chain attack on the financial industry of Taiwan.
  • A data breach was found by the SafetyDetectives security team at It is a luxury children’s apparel e-commerce website from France. 
  • A novel Android banking malware has been identified on the official Google Play store. With over 50,000 installations, it has targeted 56 European banks and stolen critical information from infected devices.
  • Asustor NAS drive users have learned that data on their network storage devices have been encrypted by ransomware, with attackers demanding a payment. Affected Asustor customers report how they discovered their NAS drives had been infected with the DeadBolt ransomware.
  • A security researcher claims to have bypassed the tracking protection features inherent in Apple’s Find My app and AirTag tracking devices using a custom-made AirTag clone. It raises concerns that stalkers might misuse AirTags anytime in the future.
  • Around 100 million Android-based Samsung smartphones shipped recently with vulnerabilities that allow the extraction of private encryption keys. The flawed encryption could allow initialization vector reuse attacks.
  • Cybersecurity experts uncovered a new data wiper that has been used in catastrophic cyberattacks against Ukrainian networks, just as Russia moves troops into Ukraine’s eastern regions.
  • Around 5,000 workstations in Sweden, Israel, Spain, and Bermuda were attacked by malware, Electron Bot. It entered Microsoft’s Official Store via clones of famous games like Subway Surfer and Temple Run.
  • The Cuba ransomware campaign exploits Microsoft Exchange vulnerabilities to access company networks and encrypt devices. UNC2596 is the name of the ransomware gang, while COLDDRAW is the name of the malware.
  • Zenly, a social media app from Snap, has two vulnerabilities – user-data exposure and account-takeover. When abused, they might put people being followed in danger.
  • The Computer Emergency Response Team of Ukraine (CERT-UA) revealed that Belarusian hackers launched a spearphishing attack against private email accounts belonging to Ukrainian military members.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.