The Department of Justice (DoJ) has seized over $8.2 million in cryptocurrency linked to romance baiting scams, freezing and reissuing the stolen funds to law enforcement-controlled wallets for potential restitution to victims.
A critical vulnerability (CVE-2025-22457) in Ivanti products is being actively exploited by a China-linked threat actor, allowing remote code execution and long-term persistence in victim environments.
Ivanti has released patches for CVE-2025-22457 and urges customers to update to prevent exploitation, with active attacks observed since mid-March 2025.
New malware named 'WRECKSTEEL' was used in cyber espionage campaigns targeting Ukraine, attributed to a threat cluster known as UAC-0219 that has been active since the fall of 2024 and spreads through phishing emails.
In the Ukraine cyberattacks, government accounts were compromised to spread malicious links disguised as public file-sharing services, with attackers using tactics like fake salary reduction notices to lure victims.
Attackers used a Visual Basic Script (VBS) loader triggered by clicking malicious links, executing a PowerShell script to harvest documents, images, and screenshots in the espionage campaign.
The malware WRECKSTEEL shows advanced development by integrating screenshot functionality directly into the PowerShell script for data collection in the cyber espionage activities targeting Ukraine.
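The chain described above (a VBS loader launched from a malicious link, which in turn runs a collecting PowerShell script) leaves a recognizable parent/child process pattern. The following is an added detection sketch, not code from CERT-UA or from the reported campaign: it scores constructed process-creation events, treating a script host (wscript.exe/cscript.exe) spawning PowerShell as a strong signal and a few assumed command-line hints (screen capture via CopyFromScreen, file enumeration, encoded commands) as a weaker one. The event format, the hint strings and the sample events are all assumptions for this example and are not the published IoCs.

```python
"""Score process-creation events for the script-host -> PowerShell collection
pattern. Added example; event schema, hint strings and samples are constructed."""
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumed, weak indicators of a collection-style payload. They are NOT taken
# from CERT-UA's IoC list; tune them to your own telemetry.
PAYLOAD_HINTS = ("CopyFromScreen", "Get-ChildItem", "-EncodedCommand", ".docx", ".jpg")


@dataclass
class ProcEvent:
    event_id: int
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: ProcEvent) -> list[str]:
    """Return the reasons an event looks like the VBS -> PowerShell chain.
    An empty list means nothing matched."""
    reasons = []
    child_is_ps = basename(ev.image) in POWERSHELL
    if basename(ev.parent_image) in SCRIPT_HOSTS and child_is_ps:
        # Strong signal: a script host handing off to PowerShell.
        reasons.append("script-host-spawns-powershell")
    if child_is_ps:
        cmd = ev.command_line.lower()
        hits = [h for h in PAYLOAD_HINTS if h.lower() in cmd]
        if hits:
            # Weak signal on its own; admins run Get-ChildItem too.
            reasons.append("payload-hints:" + ",".join(hits))
    return reasons


def find_suspicious(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map event_id -> reasons for every event that scored at least once."""
    return {ev.event_id: r for ev in events if (r := score_event(ev))}


# Constructed sample telemetry, loosely modelled on Sysmon process-creation data.
SAMPLE_EVENTS = [
    ProcEvent(1, r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
              r"wscript.exe C:\Users\u\Downloads\notice.vbs"),
    ProcEvent(2, r"C:\Windows\System32\wscript.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -EncodedCommand QQBBAEEA"),
    ProcEvent(3, r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe Get-ChildItem C:\logs -Recurse"),
    ProcEvent(4, r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
              "notepad.exe readme.txt"),
]

if __name__ == "__main__":
    for event_id, reasons in find_suspicious(SAMPLE_EVENTS).items():
        print(event_id, reasons)
```

Event 2 trips both rules and is the one worth an alert; event 3 matches only a hint and should at most raise its priority when combined with other context, which is why the two signals are reported separately rather than folded into a single score.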
The cyber espionage campaign targeting Ukraine reflected advanced tactics using PowerShell-based techniques and phishing emails to evade detection and gather specific data from government agencies and critical infrastructure.
CERT-UA has issued IoCs to help organizations detect and mitigate the new malware WRECKSTEEL and similar cyber threats used in espionage campaigns targeting Ukraine.
The evolving sophistication of cyber threats highlights the importance of timely software updates, security patches, and vigilance to prevent exploitation and protect against malicious activities.