Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security teams and organizations | Learn More

This Week in CyberSecurity: June 19th – 23rd

Censys weekly cyber blog updates our audience on what’s going on in cyberspace. Keeping all readers up to date on breaking news that should not be missed. Coverage of the cybersecurity landscape, featuring major breakthroughs imposed by threat actors and recent breaches caused by their malicious techniques.

Stay informed on the newest developments this week (June 19th). The following are the top five news stories from this week:

1. New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions – June 19th

Mystic Stealer is a crimeware solution released in April 2023 for a little less than $200 per month. This malware is responsible for stealing data across several web browsers and extensions, targeting cryptocurrency wallets and streams, and using techniques to avoid detection. Python created the control panel, which was then implemented in the C programming language. The panel is designed to provide customers of the stealer with access to all of the data logs they retrieved.

The virus was modified in May to include a loader that receives and distributes next-stage payloads from a command-and-control server, making it a more dangerous threat. Researchers believe that this malware is intended to steal more information by focusing on evading defense analysis and detection. Stealing criminals are assisting other cybercriminals in launching their campaigns by giving them basic data, which is then used to launch ransomware and data extortion campaigns.
(Source: TheHackerNews)


2. US Investors Sniffing Around Blacklisted NSO Group Assets – June 19th

NSO Group is a notorious Israeli firm developing a zero-click spyware program known as Pegasus. This malware was blacklisted by the US government in 2021. It was developed in order for attackers’ to monitor government officials, embassy personnel, business professionals, and a variety of other groups worldwide. There were constraints imposed on the group for transferring US technology by the end of 2021. However, nine department officials discovered this spyware on their mobile devices.

A number of lawsuits have been filed against NSO Group as a result of this specific spyware. Hanan Elatr, the wife of Jamal Khashoggi, the deceased Washington Post journalist, filed a lawsuit for violation of US hacking laws. She claims the group utilized their software to monitor Jamal’s death and has jeopardized her financial security, privacy, and career. At the end of 2021, Apple filed a case against NSO for targeting their customers with malicious software. Further, in January, the US Supreme Court authorized WhatsApp, a popular messaging network, to advance their suit against NSO for implementing this software on their mobile platform.

Despite the NSO Group’s legal problems, they have continued to try to modify and improve Pegasus spyware, and companies have already seen this software on their channels. US investors and defense contractors regard this malicious software as a financial gain and are beginning to explore purchasing some of the Group’s assets. However, experts advise against purchasing these assets since it raises possible security problems and leads down a path where more vulnerabilities could emerge in the future.
(Source: DarkReading)


3. Asus Patches Highly Critical WiFi Router Flaws – June 19th

Asus, a computer hardware firm, has released nine firmware updates for their WiFi router models. In recent research, Asus uncovered various vulnerabilities that their customers could face, including code execution assaults, information leakage, dental-of-service, and gaining authentication bypass methods.

Two vulnerabilities stood out amongst the rest due to a CVSS security grade of 9.8 and being memory corruption concerns. CVE-2018-1160 exposes routers to code execution attacks by unauthorized attackers who are attempting to exploit this vulnerability to execute code attacks. The second vulnerability is CVE-2022-26376, which is a memory vulnerability in Asuswrt’s httpd. Threat actors could format an HTTP request strategically, leading to a memory corruption attack. Asus advises customers to update to the latest firmware or disable the infected routers.

This isn’t the first time Asus has experienced a security vulnerability; the following WiFi routers have been affected in the past: Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000 and TUF-AX5400.
(Source: SecurityWeek)


4. Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces – June 20th

With the recent takeover of AI chatbots, many organizations are incorporating this software into their everyday or operational projects. Over the course of nearly a year (June 2022-May 2023), cyber attackers were able to compromise over 100,000 account credentials on this AI bot. ChatGBT is configured to save all information from all conversations, which gives threat actors a larger database to work with. The breached information was identified on the dark web this month due to an increase in the number of information-stealing logs for sale. The three malicious stealers responsible for this are Raccoon (78,000 logs), Vidar (about 13,000), and Redline (with approximately 7,000).

Asia-Pacific, the Middle East and Africa, Europe, Latin America, and North America have the most breached and for sale account logs. This new campaign stems from an on-going campaign in which attackers’ use appealing adult content from an altered version of AsyncRAT, known as DCRat. Compromised users have been claimed to have downloaded files using a new VBScript version dubbed GuLoader. This new spyware captures users’ scripts and converts them into encrypted PowerShell scripts that are then executed on their web application.

Information thieves are on the rise among all threat actors as they have become more skilled. They can easily acquire users’ passwords and financial information by collecting insight from their internet browsers and cryptocurrency addons. The obtained information is being sold on the dark web in the hopes that other criminals will use it for their campaigns. Researchers advise users to enable two-factor authentication on their accounts in the hope of preventing more accounts from being compromised.
(Source: TheHackerNews)


5. Kaspersky Dissects Spyware Used in iOS Zero-Click Attacks – June 21st

Operation Triangulation targets senior employees who use Apple iPhones, with a malicious exploit messages containing a remote code execution vulnerability. The code contains a feature that allows attackers’ to gain control of the targeted devices. However, if users do not reset their device, the spyware will automatically be uninstalled after 30 days. Then, attackers’ must install the spyware again to infect the targeted device.

TriangleDB interfaces with its command-and-control server via the Protbuf library for data transmission. Messages are encrypted using symmetric and asymmetric encryption algorithms such as 3DES and RSA. Kaspersky, the first to detect this malware, uncovered 24 commands related to file and process interaction, keychain dumps, geolocation monitoring, and the execution of additional modules of Mach object file format executables. This malicious software attentively examines folder modifications for any recent updates and detects files that should be exfiltrated. Kaspersky discovered that whoever is behind the TriangleDB operation is now targeting Macbooks with a very similar operation.
(Source: SecurityWeek)

There is no simple solution to this ever-changing war with cybercriminals. Companies like Censys and threat actors, are continuously trying to outsmart one another. Unfortunately, we have discovered and highlighted several companies this week that were impacted by the attackers’ operations.

The five articles presented have appeared on the web on a variety of platforms and have received significant news coverage. By informing and educating our audience about what’s occurring in the industry, we can better understand threat actors’ future plans. It merely takes a few minutes for their next campaign to surface and try to capitalize on another organization.

Attack Surface Management Solutions
Learn more