{
	"id": "124555a8-39ec-4b42-b6b7-552334e9443e",
	"created_at": "2026-04-12T02:21:58.379794Z",
	"updated_at": "2026-04-12T02:22:41.441254Z",
	"deleted_at": null,
	"sha1_hash": "56463cd11e05e5969990aff9ed30732d2e88a8d4",
	"title": "3rd October – Threat Intelligence Report",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 66182,
	"plain_text": "3rd October – Threat Intelligence Report\r\nBy urias\r\nPublished: 2022-10-03 · Archived: 2026-04-12 02:00:39 UTC\r\nOctober 3, 2022\r\nFor the latest discoveries in cyber research for the week of 3rd October, please download our Threat Intelligence\r\nBulletin.\r\nTop Attacks and Breaches\r\nCheck Point Research identified an ongoing, mobile malware campaign that has consistently targeted\r\nUyghurs for at least the past seven years. Attributed to the actor Scarlet Mimic, the malware campaign was\r\ndisguised in multiple baits such as books, pictures, and even an audio version of the Quran.\r\nCheck Point Harmony Mobile provides protection against this threat\r\nHacktivist groups around the world have taken aim at the Iranian regime, as protests throughout the\r\ncountry continue. The groups have been leaking information relating to Iranian government officials, and\r\noffering support to the protesters in sharing information and evading censorship.\r\nMexico’s government has suffered a large-scale hack, with more than 6TB of data being leaked. Included\r\nin the leaked data is sensitive information, such as the president’s medical condition. The hacktivist group\r\n‘Guacamaya’ has assumed responsibility for the hack. The group is notorious in the Latin American region,\r\nand has previously targeted the governments/militaries of Chile, Peru, Colombia, and El Salvador.\r\nPersonal information of 10 million Australians has been stolen in a breach of telecom company Optus. The\r\ndata includes sensitive information, such as passport and healthcare details. 
While the hackers initially\r\ndemanded a 1M USD ransom, they later retracted their demand due to the high attention drawn to the hack\r\nand the law enforcement operation initiated to identify the attackers.\r\nFollowing September’s ransomware attack on Los Angeles Unified School District, the 2nd largest school\r\ndistrict in the United States, the school district has now declared that it refuses to pay the ransom. Vice Society,\r\nthe group behind the attack, started leaking data stolen during the attack.\r\nCheck Point Threat Emulation, Anti-Virus and Harmony Endpoint provide protection against this threat\r\n(Ransomware.Win32.Vice.*; Trojan.Win.ViceSociety.*)\r\nLuxury hotel chain Shangri-La has notified customers of a security breach, resulting in guest information\r\nfrom eight of the chain’s hotels in Southeast Asia being stolen.\r\nAmerican IT firm NJVC has been breached by ransomware group BlackCat. Among the firm’s customers\r\nis the United States Department of Defense.\r\nCheck Point Anti-Virus, Harmony Endpoint and Threat Emulation provide protection against this threat\r\n(Ransomware.Win.BlackCat; Ransomware_Linux_BlackCat)\r\nA potential LinkedIn social engineering campaign has been discovered, in which threat actors created a\r\nnetwork of fraudulent profiles of CISO executives in Fortune 500 companies.\r\nVulnerabilities and Patches\r\n2 zero-day vulnerabilities in Microsoft Exchange have been disclosed, after already being exploited in the\r\nwild. The vulnerabilities allow an authenticated user to gain remote code execution capability on Exchange\r\nservers, and have similarities to the notorious 2021 ProxyShell vulnerabilities. 
While Microsoft has\r\nacknowledged the vulnerabilities (CVE-2022-41040 and CVE-2022-41082) and offered steps for detection\r\nand mitigation, an official patch is yet to be released.\r\nCheck Point Threat Emulation, Harmony Endpoint and IPS provide protection against this threat\r\n(Exploit.Wins.ProxyShell.*; Exploit.Win.ProxyShell; Microsoft Exchange Server Remote Code Execution (CVE-2022-41082); Microsoft Exchange Server Remote Code Execution (CVE-2021-34473); Microsoft Exchange\r\nServer Security Feature Authentication Bypass (CVE-2021-31207))\r\nA critical vulnerability affecting popular mobile messaging platform WhatsApp has been discovered. The\r\ninteger overflow vulnerability could allow an attacker to gain remote code execution capability against the\r\ntarget via video call. WhatsApp has released a security update addressing this threat.\r\nMultiple vulnerabilities and security flaws were found in popular end-to-end encryption library Matrix.\r\nMatrix has published a patch addressing some of the security flaws.\r\nThreat Intelligence Reports\r\nCheck Point Research published a report studying the rising trend of state-mobilized Hacktivism. While in\r\nthe past Hacktivist groups tended not to affiliate themselves with national interests, groups nowadays take\r\npart in state-directed efforts, driven by geopolitical conflicts.\r\nIntelligence reports detailing the recent activities of the North Korean APT groups ZINC and Lazarus\r\nsuggest the groups have been spying on companies of various fields, mostly located in Europe and Asia.\r\nCheck Point Threat Emulation provides protection against this threat (APT.Win.Lazarus.*;\r\nBackdoor.Wins.Lazarus.*)\r\nA new botnet malware dubbed ‘Chaos’ is written by Chinese threat actors, has sophisticated post-infection\r\ncapabilities, and has been used to conduct DDoS attacks on targets in various fields.\r\nResearchers have compiled a report on the techniques used by the Witchetty group. 
The group has been\r\nemploying spyware tools targeting governments in the Middle East.\r\nCheck Point Anti-Virus provides protection against this threat (Spyware.Win32.Witchetty.*)\r\nA study of the Brazilian cyber gang Prilex shows that the group, notorious in Brazil for their malware\r\ntargeting ATMs and credit-card cloning, has lately been focusing on developing Point of Sale malware.\r\nThe American Internal Revenue Service (IRS) has warned Americans of a significant increase in phishing\r\nscams distributed via SMS during the past few weeks.\r\nSource: https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://research.checkpoint.com/2022/3rd-october-threat-intelligence-report/"
	],
	"report_names": [
		"3rd-october-threat-intelligence-report"
	],
	"threat_actors": [],
	"ts_created_at": 1775960518,
	"ts_updated_at": 1775960561,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/56463cd11e05e5969990aff9ed30732d2e88a8d4.pdf",
		"text": "https://archive.orkl.eu/56463cd11e05e5969990aff9ed30732d2e88a8d4.txt",
		"img": "https://archive.orkl.eu/56463cd11e05e5969990aff9ed30732d2e88a8d4.jpg"
	}
}