TeamViewer breach and Atlassian Jira outage
Threat actor breaches TeamViewer to deploy ransomware, Atlassian’s Jira suffers outage affecting multiple services, and Microsoft executives email hack. Catch all this and more in this week’s edition of Cybersecurity Weekly.
Top Security Awareness Posters
1. Ransomware actor breaches TeamViewer to gain initial access to corporate networks
Hackers are using TeamViewer to deploy ransomware, reports cybersecurity firm Huntress. They identified two incidents affecting both active and inactive endpoints. In both cases, swift intervention and antivirus software thwarted the attacks. Researchers say this recent ransomware closely mirrors the previously exploited LockBit Black malware.
2. Atlassian’s Jira goes down, affecting multiple cloud services
Atlassian's project management tool Jira recently suffered an outage affecting multiple services. The incident sparked a flurry of reports on X, as users struggled to begin or finish tasks. Reports from DownDetector revealed the outage was global and impacted users from various countries. Atlassian later announced a fix and said Jira should be usable again.
3. Microsoft says Russian nation-state hackers behind executives’ email breach
Microsoft says a Russian state-sponsored group known as Midnight Blizzard hacked its systems on January 12. The group used a password spray attack to gain entry and breach a portion of corporate emails. Since then, Microsoft has blocked their access and highlighted the continuous threat from such nation-state actors. The action aligns with new SEC regulations requiring prompt cyberattack disclosures by public companies.
4. FBI warns Androxgh0st malware spoofs important cloud credentials
CISA and the FBI warn about Androxgh0st malware building a botnet for cloud credential theft. Initially detected in 2022, the malware exploits flaws in key web frameworks to steal Office 365 and AWS credentials. Threat actors behind Androxgh0st use these credentials to conduct further attacks. Federal agencies advise updating systems and software and enhancing security measures to counter this threat.
5. 170,000 Android TV boxes hit by BigPanzi botnet for financial extortion
Beijing's Qianxin Xlabs reveals that a cybercrime group named Bigpanzi has been targeting Android TV and eCos set-top boxes since 2015. Using deceptive firmware updates and backdoored apps, Bigpanzi created a botnet with 170,000 daily bots and 1.3 million unique IPs. The group uses these devices to serve illegal media streams, DDoS attacks, and more. Despite extensive research, Xlabs has yet to disclose attribution details.
See Infosec IQ in action