Cyber Security Today, July 8, 2022 – IT provider recovering from a cyber attack, more action from Karakurt and Chinese attackers and new Linux malware

IT provider recovering from a cyber attack, more action from Karakurt and Chinese attackers and new Linux malware.

Welcome to Cyber Security Today. It’s Friday, July 8th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


American-based cybersecurity solution provider SHI International, which has offices around world including Canada, France, the U.K. and Hong Kong, is recovering after a cyber attack last weekend. The company said it was the target of what it called “a co-ordinated and professional malware attack.” In a blog it says the incident was swiftly identified and measures were taken to minimize the impact. That included taking websites and email offline. Email service has been restored, but as of Thursday afternoon, when this podcast was recorded, the home page of and the Canadian only showed the incident statement. The company’s normal web pages had been shifted to a domain starting

The Karakurt data theft and extortion group is back. That’s according to researchers at Cyberint, who note at the end of last month the gang launched a new data leak site listing alleged victims. That new site listed 34 organizations. The site offers victims the ability to buy back copied data. There are three categories listed of victims: Those who are unwilling to pay a ransom for stolen data and risk it being publicly released, those whose data is in the process of being published and those whose data is fully published. The strategy is to increase the pressure on organizations to pay before they’re embarrassed by the release of the stolen data. In May researchers at AdvIntel said Karakurt partners with some of those behind the Conti ransomware group.

Here’s something interesting: A Chinese state-supported threat actor is allegedly targeting Russian organizations. That’s the claim made by researchers at SentinelLabs. The attacks use phishing emails to deliver infected Office documents that install a remote access trojan. Ironically, one document purports to be a warning from Russia’s cyber centre to watch for attempts to steal employee passwords. “It remains clear that the Chinese intelligence apparatus is targeting a wide range of Russian-linked organizations,” say the researchers.

A new threat to Linux systems has been found. It’s being dubbed OrBit, and according to a researcher at Intezer once the malware is installed it will infect all of the running processes on a computer or server. The report doesn’t say how the malware is distributed — through email or an application weakness or another method. But it does say the malware gains persistence on the machine by hooking into key functions, giving the attacker remote access capabilities over SSH, stealing credentials, and logging TTY commands.

Application developers using the OpenSSL library for implementing the SSL and TLS security protocols should install the latest version of the platform. That’s because the project has released patches to close a high-severity bug. You should be using version 3.0.5.

Finally, network administrators using Apache HTTP Server version 2.4.5 are urged to update to the latest version. That’s version 2.4.54 or above. It closes a memory allocation vulnerability that could cause a denial of service, according to a report in The New Stack.

Later today the Week in Review edition will be out. Guest Terry Cutler of Cyology Labs will be here to discuss how to start a career in cybersecurity.

Remember links to details about podcast stories are in the text version at

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Sponsored By:

Cyber Security Today Podcast