At a glance.
- New IceFire version is out.
- A DUCKTAIL tale.
- Social engineering by Tehran.
- DPRK's LIGHTSHOW cyberespionage.
- The President's Budget and cybersecurity.
- The US Department of Defense issues its cyber workforce strategy.
- Remcos surfaces in attacks against Ukrainian government agencies.
- DDoS at a Ukrainian radio station.
- CISA releases five ICS advisories.

New IceFire version is out.
A new version of the IceFire ransomware is targeting Linux systems within enterprise networks, according to researchers at SentinelOne. The ransomware was previously limited to Windows systems. The threat actors behind IceFire launch double-extortion attacks against large enterprises in the technology, media, and entertainment sectors. The ransomware has been deployed against entities in Turkey, Iran, Pakistan, and the United Arab Emirates, which the researchers note “are typically not a focus for organized ransomware actors.”
The Linux version of IceFire is deployed via CVE-2022-47986, a recently disclosed vulnerability in IBM’s Aspera Faspex file-sharing software. The Record notes that IBM issued a patch for the flaw on January 18th.