CyberIntelMag's Threat report

Weekly Cyber Threat Report, November 8 – November 12, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week, Russian FSB officers involved in hacking were identified by Ukraine, alleged REvil ransomware affiliates were arrested, Microsoft fixed 55 bugs in its November Tuesday update, the US seized $6 million from REvil, and much more.

  • The Security Service of Ukraine (SSU) identified Russian FSB officers involved in hacking as members of the Gamaredon gang. Its operators are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the peninsula’s annexation in 2014.
  • The US Vice President Kamala Harris said the US would join the Paris Call for Trust and Security in Cyberspace. It includes nine principles – protecting individuals and infrastructure, defending intellectual property, cyber hygiene, defending electoral processes, non-proliferation of malicious software, lifecycle security, prohibiting private actors from “hacking back,” and adopting international norms “of responsible behavior.”
  • Romanian police arrested two persons for their involvement as members of the REvil ransomware family. This arrest was a severe hit to one of the most destructive ransomware groups. They’re accused of launching more than 5,000 ransomware operations and extorting about $600,000 from victims.
  • 55 vulnerabilities were fixed during the November 2021 update from Microsoft. It includes patches for six major vulnerabilities, 15 RCE problems, data breaches, and security flaws that might lead to spoofing and tampering.
  • Adobe has issued fixes to address at least four known security flaws that might leave users vulnerable to malicious hacker attempts. The most serious weakness, rated “critical,” was fixed in RoboHelp Server. It exposes corporate systems to arbitrary code execution attacks.
  • In connection with the July 2 attack on the Kaseya MSP platform, the US Department of Justice announced charges against a REvil ransomware affiliate, as well as the seizure of almost $6 million from another REvil accomplice.


From the bad news:

This week’s bad news includes a Florida lab facing a ransomware attack, a data breach at Robinhood, new TeamTNT hacker attacks, Android spyware targeting users of Netflix, Twitter, and Instagram, hackers using a zero-day flaw in macOS, and others.

  • Nationwide Laboratory Services in Florida found odd activity on its network. It was a ransomware attack in which the attackers encrypted files throughout the healthcare provider’s network, making their contents inaccessible.
  • The TeamTNT hacker group is actively targeting poorly configured Docker servers. The hackers want to install Monero cryptominers, hunt for more vulnerable Internet-exposed Docker instances, and use container-to-host escapes to access the main network.
  • The Magniber ransomware gang is now infecting victims and encrypting their devices via two Internet Explorer vulnerabilities (CVE-2021-26411 and CVE-2021-40444) and fraudulent advertising. Keeping frequent backups on safe, separated systems is a highly effective strategy to combat this problem.
  • The systems at Robinhood, a stock trading company, were compromised last week. This resulted in a data breach, affecting the personal information of nearly 7 million consumers. To carry out the hack, a threat actor pretended to be a customer care agent and used social engineering to acquire access to customer support systems.
  • Hackers targeting Hong Kong websites belonging to a news organization and a major pro-democracy labor and political group exploited a macOS zero-day vulnerability that has now been fixed. Their goal is to infect compromised devices with a never-before-seen backdoor.
  • Every day, Taiwan’s government institutions are subjected to around five million cyberattacks and probes, most of which originate in China. Taiwan’s defense ministry warns of an uptick in attacks on its systems by China-linked actors.
  • New Android spyware, MasterFred, is used for stealing credit card information from users of Netflix, Twitter, and Instagram. This spyware also targets bank clients with distinct fake login overlays in multiple languages.


About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.