Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts and incidents every weekday.

First time seeing this? Please subscribe.

Cyber Alerts

• Backdoor malware found on hundreds of servers after exploit of ConnectWise vulnerability

Cybersecurity company Fox-IT has discovered that an attack targeting the ZK Java framework of ConnectWise's R1Soft Server Backup Manager software has led to hundreds of servers being infiltrated with backdoors. While ConnectWise warned customers of the vulnerability back in October 2022, the flaw - a form of authentication bypass - has continued to be exploited, with Fox-IT finding evidence of it being used to gain server access since late November of that year. Fox-IT has now released indicators of compromise (IoCs) to help organizations determine whether they have been targeted using the vulnerability.

• Hydrochasma: A New Threat Actor Using Open-Source Tools for Intelligence-Gathering Campaigns

Shipping companies and medical laboratories in Asia are being targeted in an intelligence-gathering campaign by a new threat actor, Hydrochasma, using open-source tools exclusively. Although no data exfiltration has been observed, the tools deployed could potentially allow for remote access and data exfiltration. The campaign, which began in October 2022, targets industries that may be involved in COVID-19 treatments or vaccines.

• Over 15,000 Spam Packages Flood Open Source NPM Repository To Distribute Phishing Links

A recent report by Checkmarx warns of a massive campaign that deployed over 15,000 spam packages in the NPM repository to distribute phishing links. The attackers used automated processes to create the packages with descriptions and names that closely resembled one another. The rogue packages were designed to trick users into downloading them and clicking on the links to the phishing sites that promised increased followers on social media platforms.