One Article Review
| Source |  Anomali |
|---|---|
| Identifiant | 4180205 |
| Date de publication | 2022-02-25 00:05:00 (vue: 2022-02-25 01:05:52) |
| Titre | Anomali Threat Research Provides Russian Cyber Activity Dashboard |
| Texte | Russian government-sponsored threat actors recently increased their malicious activities[1], which are aligned with Russia’s attack on Ukraine in February 2022.
Russian retaliation for ongoing economic and diplomatic sanctions imposed by many other countries poses a significant risk of further escalation in the cyber sphere. Russian government-sponsored groups are dangerous cyber-actors that are well-resourced and relentless in their attacks, which include espionage, attacks on critical infrastructure, data destruction, and other malicious activities.
To assist our customers, Anomali has released a dashboard focused on Russian-origin actors and Russian cyber activity for ThreatStream users, titled “Russian Cyber Activity.”
The Anomali Threat Research team preconfigured this custom dashboard to provide immediate access and visibility into all known Russian government-related indicators of compromise (IOCs) made available through commercial and open-source threat feeds that users manage on Anomali ThreatStream.
Russian Cyber Activity is focused on seven threat actor groups: Six groups are well-known Russian advanced persistent threat (APT) groups: Berserk Bear, Cozy Bear (APT29), Fancy Bear (APT28), Gamaredon (Primitive Bear), Turla (Venomous Bear), and Voodoo Bear (Sandworm).
Additionally, we’ve included Evil Corp (Dridex, Indrik Spider) group. Although typically financially motivated, its leader is known to work for Russia’s Federal Security Services (FSB) and has conducted cyber operations on behalf of the Russian government.[2]
Anomali customers using ThreatStream, Match, and Lens are able to immediately detect any IOCs present in their environments and quickly consume threat bulletins containing machine-readable IOCs. This enables analysts to quickly operationalize threat intelligence across their security infrastructures, as well as communicate to all stakeholders if and how they have been impacted.
Anomali recently added thematic dashboards that respond to significant global events as part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts. In addition to Russian Cyber Activity, ThreatStream customers currently have access to multiple dashboards announced as part of our recent quarterly product release.
Customers can easily integrate the Russian Cyber Activity dashboard, among others, in the “+ Add Dashboard” tab in the ThreatStream console:
Endnotes
[1] “Attack on Ukrainian Government Websites Linked to GRU Hackers,” Bellingcat Investigation Team, accessed February 24, 2022, published February 23, 2022, https://www.bellingcat.com/news/2022/02/23/attack-on-ukrainian-government-websites-linked-to-russian-gru-hackers/; Joe Tidy “Ukraine crisis: 'Wiper' discovered in latest cyber-attacks,” BBC News, accessed February 24, 2022, published February 24, 2022, https://www.bbc.com/news/technology-60500618.
[2] “Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware,” The U.S. Department of the Treasury, accessed February 24, 2022, published December 5, 2019, https://home.treasury.gov/news/press-releases/sm845. |
| Envoyé | Oui |
| Condensat | “ukraine “+ “attack “russian “treasury 2019 2022 60500618 able access accessed across activities activity actor actors add added addition additionally advanced aligned all although among analysts announced anomali any apt apt28 apt29 are assist attack attacks automate available based bbc bear been behalf behind bellingcat berserk bulletins can com/news/2022/02/23/attack com/news/technology commercial communicate compromise conducted console: consume containing corp countries cozy crisis: critical currently custom customers cyber cybercriminal dangerous dashboard dashboard dashboard” dashboards data december department destruction detect diplomatic discovered dridex easily economic enables endnotes enhancements environments escalation espionage essential events evil fancy february federal feeds financially focused fsb further gamaredon global gov/news/press government group groups groups: gru hackers hackers/; has have how https://home https://www immediate immediately impacted imposed include included increased indicators indrik infrastructure infrastructures integrate intelligence investigation iocs its joe known latest leader lens linked machine made malicious malware manage many match motivated multiple news ongoing open operationalize operations origin other others part performed persistent poses preconfigured present primitive product provide provides published quarterly quickly readable recent recently related release released releases/sm845 relentless research resourced respond retaliation risk russia russia’s russian sanctions sandworm security services seven significant six source speed sphere spider sponsored stakeholders tab tasks team thematic threat threatstream through tidy titled treasury turla typically ukraine ukrainian users using venomous visibility voodoo we’ve websites well which work |
| Tags | Threat Guideline |
| Stories | APT 29 APT 29 APT 28 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.