One Article Review

Source: Anomali
Identifier: 3505382
Publication date: 2021-10-12 17:41:00 (seen: 2021-10-12 18:05:28)
Title: Anomali Cyber Watch: Aerospace and Telecoms Targeted by Iranian MalKamak Group, Cozy Bear Refocuses on Cyberespionage, Wicked Panda is Traced by Malleable C2 Profiles, and More
Text: The threat intelligence stories in this iteration of the Anomali Cyber Watch cover the following topics: APT, data leak, ransomware, phishing, and vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potentially malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Russian Cyberattacks Pose Greater Risk to Governments and Other Insights from Our Annual Report (published: October 7, 2021)

Approximately 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 were attributed to Russian state-sponsored threat groups, most notably Cozy Bear (APT29, Nobelium), associated with the Russian Foreign Intelligence Service (SVR). The United States, Ukraine, and the UK were their top three targets. Russian Advanced Persistent Threat (APT) actors raised their successful compromise rate from 21% to 32% year over year. They achieved this by opening attacks with supply-chain compromise, using effective tools such as web shells, and improving their skill at targeting cloud environments. Russian APTs are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53%, largely agencies involved in foreign policy, national security, or defense. After Russia, the countries with the most APT cyberattacks were North Korea (23%), Iran (11%), and China (8%).

Analyst Comment: As collecting intrusions for potential disruption operations via critical-infrastructure attacks became too risky for Russia, it refocused on gaining access to and harvesting intelligence. The scale and growing effectiveness of this cyberespionage require a defence-in-depth approach and tools such as Anomali Match, which provides real-time forensics capability to identify potential breaches and known actor attributions.

MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Brute Force - T1110

Tags: Fancy Bear, APT28, APT29, The Dukes, Strontium, Nobelium, Energetic Bear, Cozy Bear, Government, APT, Russia, SVR, China, North Korea, USA, UK, Ukraine, Iran

Ransomware in the CIS (published: October 7, 2021)

Many prominent ransomware groups have members located in Russia and the Commonwealth of Independent States (CIS), and they avoid targeting this region. Still, businesses in the CIS are at risk of being targeted by dozens of lesser-known ransomware groups. Researchers from Kaspersky Labs have published a report detailing nine business-oriented ransomware trojans that were most active in the CIS in the first half of 2021. These ransomware families are BigBobRoss (TheDMR), Cryakl (CryLock), CryptConsole, Crysis (Dharma), Fonix (XINOF), Limbozar (VoidCrypt), Phobos (Eking), Thanos (Hakbit), and XMRLocker. The oldest, Cryakl, has been around since April 2014, and the newest, XMRLocker, was first detected in August 2020. Most of them were mainly distributed via the cracking of Remote Deskto
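The Remote Desktop credential cracking named as the main distribution vector for these ransomware families is the Brute Force technique (T1110) listed in this Cyber Watch, and it is one of the easier intrusion precursors to catch in Windows Security logs. The detection below is an example added to this page; it is not code from Anomali, Kaspersky, or the report. It applies a sliding-window rule to constructed sample events: a source IP that produces a threshold number of failed RemoteInteractive logons (Event ID 4625, LogonType 10) inside the window is flagged, and a later successful logon (Event ID 4624) from the same source is recorded as the account having been cracked. The event IDs and logon type are the real Windows values; the pipe-separated line format, the threshold of 5 failures in 120 seconds, the account names and the addresses are assumptions made for the example.

```python
"""RDP password-guessing detection over Windows Security log events.

Added example for this Cyber Watch entry (not Anomali's or Kaspersky's code).
Rule: alert on a source IP with >= THRESHOLD failed RDP logons (Event ID 4625,
LogonType 10) inside a sliding WINDOW_SECONDS; if the same source later logs
on successfully (Event ID 4624), record the account as cracked.

The events below are constructed sample data in a simplified
"timestamp|event_id|logon_type|account|source_ip" form, not real telemetry.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5         # failures per source inside the window before alerting (assumed tuning)
WINDOW_SECONDS = 120  # sliding window length (assumed tuning)
RDP_LOGON_TYPE = 10   # RemoteInteractive; type 3 (Network) is excluded so SMB/NTLM noise does not fire here

SAMPLE_EVENTS = [
    # 203.0.113.7: six failures in one minute, then a successful logon -> cracked
    "2021-10-07T03:00:01|4625|10|administrator|203.0.113.7",
    "2021-10-07T03:00:13|4625|10|admin|203.0.113.7",
    "2021-10-07T03:00:25|4625|10|administrator|203.0.113.7",
    "2021-10-07T03:00:37|4625|10|admin|203.0.113.7",
    "2021-10-07T03:00:49|4625|10|administrator|203.0.113.7",
    "2021-10-07T03:01:01|4625|10|administrator|203.0.113.7",
    "2021-10-07T03:01:20|4624|10|administrator|203.0.113.7",
    # 192.0.2.9: five failures spaced 2.5 minutes apart -> never five inside a 2-minute window
    "2021-10-07T04:00:00|4625|10|backup|192.0.2.9",
    "2021-10-07T04:02:30|4625|10|backup|192.0.2.9",
    "2021-10-07T04:05:00|4625|10|backup|192.0.2.9",
    "2021-10-07T04:07:30|4625|10|backup|192.0.2.9",
    "2021-10-07T04:10:00|4625|10|backup|192.0.2.9",
    # 192.0.2.50: burst of network (type 3) failures -> out of scope for this rule
    "2021-10-07T05:00:00|4625|3|svc_sql|192.0.2.50",
    "2021-10-07T05:00:05|4625|3|svc_sql|192.0.2.50",
    "2021-10-07T05:00:10|4625|3|svc_sql|192.0.2.50",
    "2021-10-07T05:00:15|4625|3|svc_sql|192.0.2.50",
    "2021-10-07T05:00:20|4625|3|svc_sql|192.0.2.50",
    # 198.51.100.20: a user mistyping twice and then getting in -> benign
    "2021-10-07T08:15:00|4625|10|jdoe|198.51.100.20",
    "2021-10-07T08:15:20|4625|10|jdoe|198.51.100.20",
    "2021-10-07T08:15:40|4624|10|jdoe|198.51.100.20",
]


def parse_event(line):
    """Split one constructed log line into a dict with typed fields."""
    ts, event_id, logon_type, account, src_ip = line.strip().split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "account": account,
        "src_ip": src_ip,
    }


def detect_rdp_bruteforce(lines, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Return {src_ip: alert} for every source that reaches `threshold` failed
    RDP logons within `window_seconds`. alert["cracked"] is (ts, account) if
    the same source later logged on successfully, otherwise None."""
    window = timedelta(seconds=window_seconds)
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)  # src_ip -> failure timestamps still inside the window
    alerts = {}
    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip = ev["src_ip"]
        if ev["event_id"] == 4625:
            q = recent_failures[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:  # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_seen": q[0], "alert_at": ev["ts"],
                              "failures": len(q), "cracked": None}
        elif ev["event_id"] == 4624 and ip in alerts:
            # success after the guessing burst: the credential was cracked
            alerts[ip]["cracked"] = (ev["ts"], ev["account"])
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        if alert["cracked"]:
            outcome = "CRACKED as %s at %s" % (alert["cracked"][1], alert["cracked"][0].isoformat())
        else:
            outcome = "no subsequent success seen"
        print("%s: %d RDP failures within %ds (alert at %s); %s"
              % (ip, alert["failures"], WINDOW_SECONDS, alert["alert_at"].isoformat(), outcome))
```

Two design points matter in practice: the window is what separates a low-and-slow guesser from a burst, so the same events flagged nothing at 120 seconds will flag 192.0.2.9 at a 15-minute window, and the 4624-after-4625 correlation is what turns a noisy "many failures" signal into the actionable "this account was just cracked from this source" one.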
Tags: Ransomware, Malware, Tool, Threat, Guideline, Prediction
Stories: APT 41, APT 39, APT 29, APT 28


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.