Securin’s Threat Intelligence – Jan 02, 2023 – Jan 06, 2023

Updated on Jan 5, 2023

This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.

Why play catch up when you can fix it now?

Check out our Threat Intelligence Podcast featuring Top Three Threats of the Week!

Trending Threats

Vulnerabilities to Watch Out For

Trending Threats

Miuuti’s Campaign Against the Gaming Industry

Miuuti Group has recently set its sights on the gaming industry. Since 2015 this group has exploited multiple zero-day vulnerabilities to infiltrate communication software. In recent years, however, they have used two zero-day vulnerabilities to attack several gaming companies – a CVE-unassigned vulnerability and CVE-2021-21220. The first vulnerability allows direct execution of arbitrary codes so attackers can gain a foothold inside the gaming company and conduct further lateral penetration.

CVE-2021-21220 allows the realization of asar hijacking to trigger remote code execution and eventually the takeover of the command center. Both the vulnerabilities have been fixed by the respective companies.

Usually, third-party downloads of gaming software allow such attacks to happen. Gamers need to ensure that they download only the legitimate versions of online games.

Malware Affecting MacOS in 2022

A recent report details the malware that impacted macOS in 2022. Given below are the details of the malware:

Malware Name


Month of Origin

CVEs Associated


A Simple cross-platform backdoor with download and execute capabilities

Jan 2022



A cyber-espionage implant deployed via Safari exploits.

Jan 2022

CVE-2021-30869, CVE-2019-8526, CVE-2021-1789


A crypto-currency miner using open source components

Mar 2022



A multi-platform backdoor using cloud providers for command & control

Mar 2022



An APT group malware backdoor with the ability to construct a custom command & control server

Apr 2022



A malware spread through “typosquatting” of a Rust Crate. Installs persistent Poseidon agent

May 2022



A malware spread through “typosquatting” of a Python package. Installs compiled Cobalt Strike agent

May 2022


VPN Trojan (“COVID”)

A persistent backdoor downloading and executing 2nd-stage payloads from memory

Jul 2022



A malware using cloud providers for command & control.  Exfiltrates documents, keystrokes, and screenshots

Jul 2022



A backdoor delivered via supply-chain attacks. Offers basic capabilities to the remote attacker

Aug 2022



The Alchimist attack framework deploys cross-platform “Insekt” payloads including macOS variants.

Oct 2022



A keychain stealer embedded in the trojanized copy of ResignTool

Nov 2022



A malicious Python package targeting developers and exfiltrating sensitive data through “typosquatting”

Dec 2022



Vulnerabilities to Watch Out For

CVE-2022-43931: Critical Vulnerability in Synology

Synology is a Taiwanese Network-Attached Storage device maker. Recently they fixed a vulnerability that affected their routers configured to run as VPN servers. CVE-2022-43931 occurs in the VPN Plus Server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router. It can be exploited in low-complexity attacks without requiring privileges on the targeted routers or user interaction and leads to remote code execution..

Synology published a security advisory to patch this vulnerability.

CVE-2022-47523: Critical ManageEngine Bug

ManageEngine urges all their customers to patch a critical security flaw affecting multiple products. CVE-2022-47523 is a SQL injection vulnerability in Password Manager Pro secure vault, PAM360 privileged access management software, and Access Manager Plus privileged session management solution. Exploiting this vulnerability will allow unauthenticated access to the backend database.

ManageEngine released a security advisory to patch this bug.

Multiple Command Injection Vulnerabilities in Fortinet Products

CVE-2022-39947 and CVE-2022-35845 are two critical vulnerabilities in FortiADC web interface and FortiTester respectively.

CVE-2022-39947 can allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. Fortinet released the patches in an  advisory.

CVE-2022-35845 could lead to arbitrary command execution in the underlying shell. However, to exploit this vulnerability an attacker needs authentication. Here is the security advisory for this vulnerability.

Follow our weekly Threat Intelligence Series and podcast for proactive alerts on trending threats.

Share This Post On