Daily NCSC-FI news followup 2021-03-06

Chinas RedEcho accused of targeting Indias power grids

blog.malwarebytes.com/vital-infrastructure/2021/03/chinas-redecho-accused-of-targeting-indias-power-grids/ RedEcho, an advanced persistent threat (APT) group from China, has attempted to infiltrate the systems behind Indias power grids, according to a threat analysis report from Recorded Future [PDF].. It appears that what triggered this attempt to gain a foothold in Indias critical power generation and transmission infrastructure, was a tense standoff at Pangong Tso lake in May 2020. However, the report by Recorded Future, a cybersecurity company specializing in threat intelligence, claims that RedEcho were on the prowl way before this time.

Ransomware gang plans to call victim’s business partners about attacks

www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/ The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim’s business partners to generate ransom payments. The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.

Countering Cyber Proliferation: Zeroing in on Access-as-a-Service (PDF)

www.atlanticcouncil.org/wp-content/uploads/2021/03/Offensive-Cyber-Capabilities-Proliferation-Report.pdf ENFER (a cryptonym), is a contractor operating in the Russian Marketplace, which allegedly partakes in offensive operations under the direct instruction of the Russian Federal Security Service (FSB).

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 scriptas soon as possibleto help determine whether their systems are compromised. For additional information on the script, see Microsofts blog HAFNIUM targeting Exchange Servers with 0-day exploits.

Spotting the Red Team on VirusTotal!

isc.sans.edu/forums/diary/Spotting+the+Red+Team+on+VirusTotal/27174/ Many security researchers like to use the VirusTotal platform. The provided services are amazing: You can immediately have a clear overview of the dangerousness level of a file but…. VirusTotal remains a cloud service. It means that, once you uploaded a file to scan it, you have to consider it as “lost” and available to a lot of (good or bad) people! In the SANS FOR610 training (“Reverse Engineering Malware”), we insist on the fact that you should avoid uploading a file to VT!

Check to see if youre vulnerable to Microsoft Exchange Server zero-days using this tool

www.zdnet.com/article/check-to-see-if-youre-vulnerable-to-microsoft-exchange-server-zero-days-using-this-tool/ Microsoft’s Exchange Server team has released a script for IT admins to check if systems are vulnerable to recently-disclosed zero-day bugs. As noted in an alert published by the US Cybersecurity and Infrastructure Security Agency (CISA) on Saturday, Microsoft’s team has published a script on GitHub that can check the security status of Exchange servers.

A new type of supply-chain attack with serious consequences is flourishing

arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/ A new type of supply chain attack unveiled last month is targeting more and more companies, with new rounds this week taking aim at Microsoft, Amazon, Slack, Lyft, Zillow, and an unknown number of others. In weeks past, Apple, Microsoft, Tesla, and 32 other companies were targeted by a similar attack that allowed a security researcher to execute unauthorized code inside their networks.. The latest attack against Microsoft was also carried out as a proof-of-concept by a researcher. Attacks targeting Amazon, Slack, Lyft, and Zillow, by contrast, were malicious, but its not clear if they succeeded in executing the malware inside their networks.

You might be interested in …

Daily NCSC-FI news followup 2019-10-25

Cachet Financial Reeling from MyPayrollHR Fraud krebsonsecurity.com/2019/10/cachet-financial-reeling-from-mypayrollhr-fraud/ When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which […]

Read More

Daily NCSC-FI news followup 2021-01-04

Näin tietomurto näkyy Suomessa: “Suurehkoja organisaatioita sekä yksityiseltä että julkishallinnon puolelta” www.is.fi/digitoday/tietoturva/art-2000007719171.html Viranomaisella on tiedossa Suomessa noin kymmenen organisaatiota, joissa on käytetty haavoittuvaa SolarWindsin ohjelmistoversiota. SolarWinds Orion Platformia käytetään myös Suomessa. Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskuksen tietoturva-asiantuntija Helinä Turusen mukaan viranomaisilla on tiedossa “kymmenkunta organisaatiota”, joissa on käytetty haavoittuvaa ohjelmistoversiota. China’s APT hackers move to […]

Read More

Daily NCSC-FI news followup 2020-04-20

Taiwan High-Tech Ecosystem Targeted by Foreign APT Group: medium.com/@cycraft_corp/taiwan-high-tech-ecosystem-targeted-by-foreign-apt-group-5473d2ad8730 – From what we found even those who use VPNs are at risk even more so than usual. Read below to see how and what to do about it. The main objective of these attacks was the exfiltration of intellectual property, such as documents on integrated […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.