China's RedEcho accused of targeting India's power grids
blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/ RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind India's power grids, according to a threat analysis report from Recorded Future [PDF]. It appears that what triggered this attempt to gain a foothold in India's critical power generation and transmission infrastructure was a tense standoff at Pangong Tso lake in May 2020. However, the report by Recorded Future, a cybersecurity company specializing in threat intelligence, claims that RedEcho were on the prowl well before this time.
Ransomware gang plans to call victim’s business partners about attacks
www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/ The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim’s business partners to generate ransom payments. The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.
Countering Cyber Proliferation: Zeroing in on Access-as-a-Service (PDF)
www.atlanticcouncil.org/wp-content/uploads/2021/03/Offensive-Cyber-Capabilities-Proliferation-Report.pdf ENFER (a cryptonym) is a contractor operating in the Russian marketplace which allegedly partakes in offensive operations under the direct instruction of the Russian Federal Security Service (FSB).
Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script as soon as possible to help determine whether their systems are compromised. For additional information on the script, see Microsoft's blog HAFNIUM targeting Exchange Servers with 0-day exploits.
Spotting the Red Team on VirusTotal!
isc.sans.edu/forums/diary/Spotting+the+Red+Team+on+VirusTotal/27174/ Many security researchers like to use the VirusTotal platform. The provided services are amazing: you can immediately have a clear overview of the dangerousness level of a file, but… VirusTotal remains a cloud service. It means that, once you have uploaded a file to scan it, you have to consider it as "lost" and available to a lot of (good or bad) people! In the SANS FOR610 training ("Reverse Engineering Malware"), we insist on the fact that you should avoid uploading a file to VT!
Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool
www.zdnet.com/article/check-to-see-if-youre-vulnerable-to-microsoft-exchange-server-zero-days-using-this-tool/ Microsoft’s Exchange Server team has released a script for IT admins to check if systems are vulnerable to recently-disclosed zero-day bugs. As noted in an alert published by the US Cybersecurity and Infrastructure Security Agency (CISA) on Saturday, Microsoft’s team has published a script on GitHub that can check the security status of Exchange servers.
A new type of supply-chain attack with serious consequences is flourishing
arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/ A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks. The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but it's not clear if they succeeded in executing the malware inside their networks.