Cyber Threat Report | February 2022


</Reports </ Cybersecurity </ Cybercrime </ News


February 2022 was a busy month for cybersecurity professionals across the globe, as it saw an overall rise in ransomware, malware, and phishing attacks.

Within our news report, we'll provide more details about some of the biggest cybersecurity threats, news, and updates that happened over the course of the past month.

We will look at the new 'wiper' malware that attacked the Ukrainian government and financial sectors.

You'll also find out about the biggest crypto heist in 2022 and the phishing attack that stole $1.7M of NFTs.

February also marked many cybersecurity achievements, and we'll be shining the light on a few of those.

Read on to discover about:

  • The DOJ’s "largest financial seizure ever";
  • The possible master key, that could be saving data, encrypted by the 2021 Hive attacks.

The last month provided multiple benchmarks of how cybersecurity professionals have become vital towards sustaining data safety.

We'd like to take the time to also appreciate all organizations, ensuring that they are protected against malicious threats and various ransomware attacks. 


Cybercrime Breaking News

DDoS and 'wiper' malware attacks in Ukraine

February saw a multitude of attacks directed at the Ukrainian cyberspace; the biggest ones took place on:

  • 15.02 and 16.02 - distributed denial of service (DDoS) attacks temporarily took down the websites for two banks and the Ukrainian army;
  • 23.02 more DDoS and SMS spam attacks were aimed at Ukrainian government and financial services organizations; while at the same time, a more serious 'wiper' malware was spreading.

The malware, also known as HermeticWiper appeared on hundreds of machines.

IBM Security X-Force analyzed how it functions and reported that HermeticWiper "uses a benign partition manager driver (a copy of empntdrv.sys) to perform its wiping capabilities corrupting all available physical drives’ Master Boot Record (MBR), partition, and file system (FAT or NTFS)."

Date stamps on the malware suggest that it has been in preparation during the past two months.


FinTech Updates

The fourth-largest crypto-heist (and the biggest in 2022) targeted the Wormhole platform 

Cybercriminals exploited a vulnerability - 'smart contract' - within Wormhole Portal, a blockchain "bridge" application, to steal 120,000 Ethereum (worth $322 million).

The hackers provided fewer currencies and tricked the platform into releasing more Ether (ETH) and Solana (SOL).

This follows the attack on the decentralized finance (DeFi) platform, Qubit Finance, in January - where cybercriminals stole $80 million.

The cyberattack of the Wormhole platform is the second-largest DeFi hack, following the Poly Network (ETH) exploit that happened in August 2021.

For more information about the biggest crypto heists to date, visit the worldwide tracker.


17 NFTs, worth $1.7M, have been stolen from OpenSea Users due to a phishing attack

Malicious actors took advantage of a new contract update that was being launched by OpenSea.

They copied the details and re-sent the email to OpenSea Users to supposedly transfer their NFTs (non-fungible tokens) to their new contracts.

The 17 members of the OpenSea marketplace, who signed the transaction, triggered the “atomicMatch_.” function, which resulted in having their virtual assets stolen.

In the past couple of years, more and more similar phishing schemes have started to comprise a majority of all ransomware attacks. 

On how to protect your users against them, find our report, which includes other key trends within cybersecurity for 2022.


Microsoft Alert: 'Ice Phishing' on Web3

Microsoft has issued a warning about the rise in 'ice phishing' threats on the web3 - the foundation of blockchain and DeFi technologies.

The 'ice phishing' technique tricks users to authorize cybercriminals to approve their user tokens: once this transaction is complete, hackers have access to user funds. 

What is more: malicious actors can 'ice phish' over a period of time to "drain victims' wallets" in a matter of minutes.

Visit the Microsoft 'Ice phishing’ on the blockchain report to learn more on how you can stay vigilant and protected against these attacks.


Cybersecurity Achievements

DOJ seizes $3.6 billion in stolen cryptocurrency from 2016 Bitfinex hack

Two individuals were arrested in connection with conspiring to launder 119,754 bitcoins ($4.5 billion) during the 2016 Bitfinex hack.

The Department of Justice disclosed that this is their  "largest financial seizure ever" - of more than 94,000 Bitcoin assets (​​$3.6 billion).

You can watch the full video announcement from the DOJ.


South Korean researchers discover a method to retrieve data that was encrypted by the Hive ransomware attacks 

The team studied the Hive ransomware attacks that took place in June 2021 to discover vulnerabilities within the encryption algorithm.

The academics' paper reveals that they have been able to recover 95% of the "master key" - that can decrypt between 82% to 98% of the compromised data.

The Hive RaaS program first appeared in June 2021 and has victimized at least 355 companies to this date.


Reported decrease in Log4Shell exploits through February

Despite the low number of attempts, this threat is yet not to be disregarded, as the Log4Shell affected 93% of enterprise cloud environments in December 2021.

As an update, focusing on the Log4Shell vulnerability is one of the new Cyber Safety Review Board's tasks.

Our January 2022 report included more details about the vulnerability.


Other Sector News

  • Small cybercrime group has been persistently targeting aviation, defense, transportation, and manufacturing industries since 2017. Under the code name TA2451, the organization uses spear-phishing campaigns to compromise systems via a variety of remote access trojans (RATs). Read the full HackerNews article to find out more information about the way their operation works.
  • Shell re-routed its oil supplies due to a ransomware attack on two German companies, affecting cities in northern Germany.
  • FBI issues warning about lurking malicious actors, exploiting security weaknesses on recruitment websites.


AMATAS will continue to monitor this space and deliver salient information regularly. 

Stay tuned for our next report and if you are interested in any of our privacy and cybersecurity services, please do reach out through our website or by e-mailing

As always – be vigilant, stay alert, think twice.

Ralitsa Kosturska in AMATAS