    April 22, 2022

    Q1 2022 Quarterly Threat Bulletin

    The Uptycs threat research team regularly monitors the TTPs (tactics, techniques and procedures) of the latest malware using our threat intelligence sources and systems. Organizations can use this bulletin as a tool to evaluate and build a more robust detection and protection posture against the latest threats on the Windows, Linux and macOS platforms.

    The threat bulletin covers several aspects, such as:

    1. Techniques used by the malware samples in our threat intel sources
    2. Commonly abused commands and utilities in Windows, Linux and macOS platforms
    3. Top prevalent malware families in the wild for Windows, Linux and macOS platforms
    4. Uptycs Threat Research articles published by the threat research team
    5. Threat actors observed for the quarter
    6. Malware/targeted attacks for the quarter
    7. Vulnerabilities/exploits in Windows, Linux and macOS platforms
    8. General recommendations based on our observations


    The key highlights of our recently published Q1'2022 threat bulletin are:

    1. As a result of the ongoing Russian invasion of Ukraine, there have been many cyber attacks on Ukraine by Russian threat actors, including destructive wipers such as HermeticWiper, IsaacWiper and WhisperGate.
    2. In this quarter, we have observed the following prevalent malware:
      1. Emotet and RedLine Stealer are the prevalent malware in Q1 2022 for Windows platforms, taking that spot from Formbook and IcedID in Q4 2021.
      2. Mirai and Prometei were seen in large numbers in Q1 2022 on the Linux platform.
      3. Shlayer continues to be evergreen in action on macOS.
    3. Rundll32.exe is the most abused utility on Windows, and openssl has taken the top spot among abused utilities on Linux.
    4. Lapsus$ has disclosed numerous cyberattacks against large companies, with confirmed attacks against NVIDIA, Okta, Samsung, Vodafone, Ubisoft, and Mercado Libre.
    5. Threat actor activity from Primitive Bear APT, MuddyWater, Lazarus, APT27, APT41, OceanLotus and FIN7 has been reported.
    6. A new Linux kernel vulnerability (CVE-2022-0847) has been discovered, affecting Linux kernel versions since 5.8 and allowing attackers to escalate privileges.
    7. Two Google Chrome zero-day vulnerabilities (CVE-2022-0609 and CVE-2022-1096) were reported to be exploited in the wild.


    An excerpt from the section on commonly abused commands and utilities on the Windows, Linux and macOS platforms (January 2022 - March 2022) is shown below.


    Read the full report here

