Written by Team Nucleus
Written on 17th January, 2025
Analyst Insight
The FBI's removal of over 4,200 instances of the “PlugX” malware highlights the proactive efforts of law enforcement in tackling cybercriminal activity. Over the previous months we have seen a rise in law enforcement disrupting cybercriminal operations.
The Nominet breach, which stemmed from a vulnerability in Ivanti VPN software, shows how heavily organisations must rely on the security of third-party software. Third-party software vendors must be more vigilant in applying secure programming practices and in quality testing their software before new versions are released into the wild.
Fake Proof-of-Concept Exploit Used to Deliver Infostealers to Security Researchers
Researchers at Trend Micro discovered threat actors leveraging vulnerabilities disclosed in Microsoft’s December Patch Tuesday to lure cybersecurity researchers into downloading and executing infostealer malware. The threat actor disguised the infostealer as a proof-of-concept exploit for LDAPNightmare (CVE-2024-49113) and uploaded it to GitHub for security researchers to analyse. This technique has been seen many times before, but because this attack capitalises on a recent and trending vulnerability disclosure, it may pose a greater risk.
Nominet Reports Security Breach Exploited Through Ivanti Zero-Day Vulnerability
Nominet, the official domain registry for UK domain names, disclosed a security breach this week involving threat actors exploiting a zero-day vulnerability in Ivanti VPN software. The vulnerability in Ivanti Connect Secure allowed attackers to gain unauthorised access to systems; there is no evidence that data was breached or leaked.
The breach was identified after unusual activity was detected on their network, which was reported to the relevant authorities. Nominet has since taken steps to mitigate the impact and secure their systems.
January Patch Tuesday: Microsoft Releases Fixes for 159 Security Flaws
Microsoft's January 2025 Patch Tuesday addresses 159 flaws, including eight zero-day vulnerabilities and twelve "Critical" vulnerabilities. The updates address 40 elevation of privilege vulnerabilities, 14 security feature bypass vulnerabilities, 58 remote code execution vulnerabilities, 24 information disclosure vulnerabilities, 20 denial of service vulnerabilities, and 5 spoofing vulnerabilities. More detailed information about the updates can be found on Microsoft MSRC.
FBI Removes PlugX Malware from Over 4,200 Infected U.S. Computers
The U.S. Department of Justice and the FBI, in collaboration with international partners, have successfully eradicated the "PlugX" malware from over 4,200 infected computers. Threat actors known in the private sector as "Mustang Panda" and "Twill Typhoon" use the malware to infiltrate, control, and steal information from targeted systems. This variant of “PlugX” has a wormable component which allows it to spread via USB flash drives.
These hacker groups have been active since at least 2014, targeting entities across the U.S., Europe, and Asia. The operation, authorized by a U.S. court, aimed to disrupt their malicious activities and bolster global cybersecurity.
Blood Donation Charity Confirms Personal Data Stolen in July Ransomware Attack
Non-profit blood donation charity “OneBlood” has confirmed that personal information, including names and social security numbers of donors, was stolen in a ransomware attack last summer. OneBlood is a major blood supplier serving over 250 hospitals in the U.S., and the attack disrupted blood collection, testing, and distribution processes. This disruption forced some clinics to implement 'critical blood shortage' protocols due to the delays. Since the disclosure, OneBlood has been offering victims free credit monitoring subscriptions to alert them to any fraud resulting from the data theft.