---
title: "Weekly Cyber News Updates – week 36 of 2022 | Phish Protection"
description: "Today, our personal lives, work lives, and finances are gravitating towards the world of electronic media, mobile computing, and the internet."
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-36-2022.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-36-2022/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-9586.jpg) 

Today, our personal lives, work lives, and finances are gravitating towards the world of **electronic media**, mobile computing, and the internet. However, the widespread phenomenon poses a **greater risk of fraud**, malicious attacks, and privacy invasions. Hence staying abreast of the latest phishing and breach-related news is the first step toward ensuring strong [protection from phishing](/). Here are this week’s updates.

### Researchers Warn Iranian Hackers Are Spying On Journalists And Government Officials

[Cybersecurity](/content/cybersecurity-in-a-nutshell) researchers recently discovered an Iranian state-sponsored hacking group that has been actively targeting journalists, government officials, academics, and opposition leaders **worldwide** for the last seven years.

Cybersecurity firm [Mandiant](https://therecord.media/iranian-hackers-spy-on-journalists-and-government-officials-researchers-warn/?web%5Fview=true) published research stating that APT42, the advanced persistent threat group, has links to Iranian intelligence services. Researchers confirmed about 30 cyber operations by APT42 since 2015 (the exact number can be higher). In one of the operations, the hacking group targeted the **pharmaceutical sector** during the onset of COVID-19.

At the same time, it pursued foreign and domestic **opposition groups** before the recent Iranian presidential elections.

While researchers cannot ascertain the size of the gang, they confirmed that it is well-resourced because there is evidence of [APT32](https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/apt32#:~:text=APT32%20%28AKA%20Ocean%20Lotus%2C%20APT,hostile%20to%20Vietnamese%20nationalist%20interests.) actors procuring new infrastructure frequently and carrying out surveillance and **credential harvesting operations**.

Interestingly, Albania announced (on the same day as the Mandiant report) that it was expelling Iranian embassy staff and cutting [diplomatic ties with Iran](https://www.voanews.com/a/saudi-arabia-iran-agree-to-normalize-diplomatic-ties-/7000681.html). The Albanian government websites suffered a **cyberattack** two months ago, which they believe was carried out by Tehran.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-9586.jpg) 

After the announcement, Albania became the **first NATO country** to cut off diplomatic ties with Iran in response to a [cyberattack](https://www.standard.co.uk/news/world/us-launched-cyberattack-on-iran-weapons-system-as-donald-trump-backs-away-from-conventional-military-strike-in-response-to-downing-of-drone-a4173686.html).

### Shopify Fails to Prevent Known Breached Passwords

According to a report, Shopify, the eCommerce provider, uses **weak password policies** on its website’s customer-facing portion. It states that Shopify requires its customers to create a password that is at least five characters long and does not contain a space at the beginning or end.

[Specops researchers](https://thehackernews.com/2022/09/shopify-fails-to-prevent-known-breached.html?&web%5Fview=true) analyzed a billion passwords known to have suffered a breach and discovered that 99.7% of the passwords adhered to Shopify requirements. The report adds that while the findings do not suggest that Shopify customers’ passwords were breached, they underscore the **dangers of using weak passwords**. Thus, the fact that numerous passwords comply with Shopify’s minimum password requirements is a worrying reminder for **Shopify customers**.

A Hive Systems study echoed the dangers of creating weak passwords. Researchers examined the time required to **brute-force crack passwords** of different lengths and with varying complexity levels. _According to the findings, hackers can crack a five-character password instantaneously, regardless of complexity._

Thus, the ease with which [cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) can crack shorter passwords using brute force must compel organizations to require complex passwords **at least 12 characters long**.
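The gap between the two rules can be measured directly. The following is an added example, not code from Shopify, Specops or Hive Systems: it applies the five-character rule described above and a stricter rule (12 characters plus a breached-list lookup) to a small constructed password sample. The sample list, function names and the 95-symbol alphabet are assumptions made for illustration.

```python
"""Added example: length-only password rule vs. length plus breached-list check."""
import hashlib
import math

# Constructed sample standing in for a breached-password corpus (assumption:
# a real deployment would query a full breached-password data set instead).
BREACHED_SAMPLE = [
    "123456", "password", "qwerty", "abc", "iloveyou", "letmein1",
    "dragon", " admin", "Summer2022!", "correcthorsebattery",
]
# Keep only digests of the breached list; SHA-1 is used here purely as a lookup key.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in BREACHED_SAMPLE}


def no_edge_spaces(pw: str) -> bool:
    """True when the password has no space at the beginning or end."""
    return pw == pw.strip(" ")


def weak_policy(pw: str) -> bool:
    """Rule as the article describes it: at least 5 characters, no edge spaces."""
    return len(pw) >= 5 and no_edge_spaces(pw)


def hardened_policy(pw: str, min_len: int = 12) -> bool:
    """The article's 12-character recommendation plus a breached-list lookup."""
    if len(pw) < min_len or not no_edge_spaces(pw):
        return False
    return hashlib.sha1(pw.encode()).hexdigest() not in BREACHED_SHA1


def compliance_rate(policy, passwords) -> float:
    """Fraction of the given passwords that the policy would accept."""
    return sum(1 for p in passwords if policy(p)) / len(passwords)


def keyspace_bits(length: int, alphabet: int = 95) -> float:
    """Upper bound on the brute-force search space, in bits (printable ASCII)."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    print("weak policy accepts    ", compliance_rate(weak_policy, BREACHED_SAMPLE))
    print("hardened policy accepts", compliance_rate(hardened_policy, BREACHED_SAMPLE))
    for n in (5, 12):
        print(f"{n:>2} chars -> about {keyspace_bits(n):.1f} bits of search space")
```

Note that `correcthorsebattery` passes any length rule yet is still rejected, because length alone does not exclude a password that already appears in a breach corpus.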


### QNAP Warns About DeadBolt Attacks Which Exploit Zero-Day Vulnerabilities

QNAP warned customers about the DeadBolt [ransomware attacks](/resources/ransomware-attack-why-organizations-pay-ransom) that exploit a **zero-day vulnerability** in the Photo Station and encrypt NAS devices connected to the internet.

About the attack

The operators exploit the [zero-day](https://cyware.com/news/qnap-warns-against-deadbolt-attacks-exploiting-zero-day-vulnerabilities-b0b4198b) to encrypt the infected systems’ content.

Once the device gets encrypted, the ransomware modifies the names of the encrypted files and removes the QNAP NAS login page, displaying a warning message.

The hijacked QNAP login screen shows a ransom note that demands a $1,277 payment to receive a decryption key for recovering the files.

The ransom note includes a link pointing to a webpage that asks for a $212,000 payment to display technical details of the zero-day vulnerability in QNAP NAS.

Furthermore, the attackers have put the QNAP master [decryption key](https://sensorstechforum.com/what-is-decryption-key/) **on sale for 50 BTC**, allowing the ransomware family’s victims to decrypt their files for a fee.

QNAP **patched** the security flaw, but the attacks continue. The widespread nature of the attacks was confirmed by the Taiwanese vendor, owing to an increased submission of ID ransomware samples.

### Attackers Sell Classified NATO Documents On Dark Web After Stealing From Portugal

The Portuguese agency EMGFA ([Armed Forces General Staff agency of Portugal](https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html?web%5Fview=true)) suffered a cyberattack recently in which attackers stole classified **NATO documents** and offered them for sale on the dark web.

The Estado-Maior-General das Forças Armadas or EMGFA is Portugal’s **supreme military body** responsible for planning, controlling, and commanding the Portuguese Armed Forces. The Portuguese news outlet Diário de Notícias reported,

“The EMGFA, commanded by Admiral Silva Ribeiro, the Chief of Staff, became a victim of an unprecedented and prolonged cyberattack, resulting in the [exfiltration](https://www.blackfog.com/what-you-need-to-know-about-data-exfiltration/) of classified NATO files.”

News agency sources consider the **security breach grave** because numerous confidential documents forwarded by NATO to Portugal were up for sale on the [darknet](https://www.bleepingcomputer.com/news/security/darknet-drug-markets-move-to-custom-android-apps-for-increased-privacy/).

“It was an **undetectable** and prolonged cyberattack, using [bots](https://www.techtarget.com/whatis/definition/bot-robot) designed to detect such documents, which got removed in several stages later,” explained a source.

The cybercriminals published samples of the documents online as **proof of the hack**. US Information Services spotted the documents and alerted the US embassy in Lisbon immediately, which alerted the Portuguese authorities.

### The US Recovers $30 Million that Lazarus Hackers Stole from Axie Infinity

The US government seized **cryptocurrency tokens** worth [$30 million](https://www.bleepingcomputer.com/news/security/us-recovers-30-million-stolen-from-axie-infinity-by-lazarus-hackers/?&web%5Fview=true) stolen by ‘Lazarus,’ the North Korean threat group. The attackers stole it from Axie Infinity, the token-based ‘play-to-earn’ game, earlier in the year.

The US government worked with FBI agents and [blockchain analysts](https://www.ziprecruiter.com/career/Blockchain-Analyst/What-Is-How-to-Become) and announced the retrieval during the AxieCon event. The event hosts described it as a community achievement completed through collaboration between private entities and multiple **law enforcement agencies**. The Chainalysis report said that it was the first time any agency had **seized stolen cryptocurrency** from a North Korean hacking group.

The Chainalysis Crypto Incident Response team played a key role in the seizures, using **advanced tracing techniques** and following stolen funds to the cash-out points. Furthermore, it liaised with law enforcement and industry players to quickly freeze the funds.

The [seized](https://thehackernews.com/2022/11/interpol-seized-130-million-from.html) money will move into **Axie Infinity’s treasury** and, eventually, to the players’ community. But the game’s publishers said the process might take several years.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-tips-5793.jpg) 

### Snake Keylogger Attacks IT Firm in the US

Researchers spotted a [new malspam campaign](https://cyware.com/news/snake-keylogger-targets-it-firm-in-the-us-aec48dfd) containing **Snake Keylogger** that used phishing emails sent to corporate IT organizations’ managers.

How does the campaign work?

According to Bitdefender, hackers used IP addresses from Vietnam in the attack. The [phishing emails](/content/stop-phishing-emails/) targeted thousands of people’s inboxes in the US. Cybercriminals spoofed the corporate profile of Qatar’s cloud and IT service provider and fooled the victims into clicking on a ZIP archive contained in the emails.

_The archive had an exe file (CPMPANY PROFILE\[.\]exe) that **installed the payload** on the host system and exfiltrated the data using **SMTP**._

About Snake Keylogger

Snake Keylogger (or 404 Keylogger) is an [information-stealer](https://cybelangel.com/what-are-infostealers/) that steals sensitive documents from clipboard contents and compromised systems. It is also capable of keyboard logging and taking screenshots. Security researchers spotted the stealer in late 2020; it was available on **underground marketplaces** for a small price, based on the level of service demanded by the customer.

### Latest Phishing Campaign Spoofs Avanan

**Spoofing brands** is a common form of [phishing](/resources/what-is-phishing). Also called [brand impersonation](https://www.avanan.com/blog/new-phishing-campaign-spoofs-avanan?&web%5Fview=true), it aims to exploit an organization’s recognition and goodwill to accomplish two things:

- Fool security protocols and enter the inbox.
- Fool victims into sharing personal credentials.

Researchers at Avanan recently discovered a **malicious campaign** that spoofed their brand. The email contained a link that led to a [credential harvesting](https://www.darkreading.com/edge-threat-monitor/credential-harvesting-is-retail-industry-s-top-threat) page. Some of the emails were more convincing than others, but **aware users** could have easily spotted the campaign because the email address had nothing to do with Avanan. The email address mentioned “unread aviation emails,” which doesn’t make sense in the context.

Although brand impersonation is rising these days, if you get a similar email from Avanan, it is a good idea to **double-check**, the company’s post reads.
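The tell described above, a message that claims a brand while its sender address has nothing to do with that brand, can be checked mechanically. This is an added example, not Avanan's detection logic: the allow-list mapping, the function names and all three sample messages are constructed for illustration, and treating `avanan.com` as the brand's legitimate sending domain is an assumption.

```python
"""Added example: flag mail that claims a brand but is sent from an unrelated domain."""
from email import message_from_string
from email.utils import parseaddr

# Brand keyword -> domains the brand is assumed to send from (assumption).
BRAND_DOMAINS = {"avanan": {"avanan.com"}}

# Constructed sample messages (not taken from the campaign).
SPOOFED = (
    'From: "Avanan Security" <unread-aviation-emails@mailer.example.net>\n'
    "Reply-To: helpdesk@collector.example.org\n"
    "Subject: You have 3 quarantined messages\n\nReview them here.\n"
)
LEGIT = (
    'From: "Avanan" <noreply@avanan.com>\n'
    "Subject: Weekly quarantine digest\n\nNothing to review.\n"
)
UNRELATED = (
    'From: "Alice" <alice@example.org>\n'
    "Subject: Lunch on Friday?\n\nSee you there.\n"
)


def address_domain(header_value: str) -> str:
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def is_brand_domain(domain: str, allowed: set) -> bool:
    """Exact match or true subdomain; 'avanan.com.example.net' does not count."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def impersonation_findings(raw_message: str) -> list:
    """List the reasons a message looks like brand impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    from_domain = address_domain(msg.get("From", ""))
    reply_domain = address_domain(msg.get("Reply-To", ""))
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # the message does not claim this brand at all
        if not is_brand_domain(from_domain, allowed):
            findings.append(f"{brand}: From domain '{from_domain}' is not a brand domain")
        if reply_domain and not is_brand_domain(reply_domain, allowed):
            findings.append(f"{brand}: Reply-To domain '{reply_domain}' is not a brand domain")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("unrelated", UNRELATED)):
        print(name, impersonation_findings(raw))
```

A header check like this only complements SPF, DKIM and DMARC evaluation, since the From address itself can be forged.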

### Chinese Attackers Target Government Officials in Europe, Middle East, and South America

A Chinese hacking group was linked to a phishing campaign [infecting government officials](https://thehackernews.com/2022/09/chinese-hackers-target-government.html?&web%5Fview=true)’ systems in Europe, the Middle East, and South America with a sophisticated malware called PlugX.

According to the **cybersecurity firm** Secureworks, the intrusions started in June and July 2022, demonstrating the adversary’s continued focus on infiltrating government systems worldwide.

“PlugX, the modular [malware](/content/protection-against-malware/what-is-malware), contacts a **C2 (command and control) server** for tasking and downloads additional plugins to enhance the capability beyond information gathering,” Secureworks’ CTU (Counter Threat Unit) said in a report. The researchers estimate that the China-based [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) has been active since July 2018 and likely leverages publicly available and proprietary tools to collect data and compromise its targets.

It’s also known by other names like HoneyMyte, Red Lich, Mustang Panda, and TEMP.Hex. One of the primary tools it uses is [PlugX](https://logrhythm.com/blog/deep-dive-into-plugx-malware/), a **remote access trojan** widely shared among Chinese adversaries.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

