THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.

Affected: Various organizations and systems, including Juniper Networks, Google Play Store, maritime and logistics sectors.

Keypoints :

• UNC3886 targets Juniper Networks’ end-of-life routers with custom backdoors.
• Storm-1865 exploits ClickFix strategy for credential theft in a phishing campaign.
• North Korean group ScarCruft releases malicious apps on Google Play Store collecting sensitive user data.
• LockBit ransomware developer extradited to the U.S. for involvement in cybercrimes.
• Security flaws discovered in ICONICS SCADA system could lead to severe disruptions if exploited.
• New social engineering campaigns aim for Microsoft 365 account takeovers through OAuth redirection.
• Malicious packages found on PyPI repository disguise themselves as legitimate tools but steal sensitive data.
• Switzerland mandates reporting of cyberattacks on critical infrastructure within 24 hours.