One Article Review

Home - The article:
Source RiskIQ
Identifier 8486904
Publication date 2024-04-22 15:04:06 (viewed: 2024-04-22 16:08:15)
Title Weekly OSINT Highlights, 22 April 2024
Text

## Snapshot

Last week's OSINT reporting focused on attack activity by APT groups and the infamous FIN7 (tracked by Microsoft as Sangria Tempest). These articles showcase the evolution of threat actor tactics, from FIN7's precise spear-phishing campaign targeting a US-based automotive manufacturer with the Anunak backdoor to TA427's (Emerald Sleet) strategic information gathering efforts aligned with North Korea's interests.

## Description

1. **[Spear-Phishing Campaign by FIN7 (Sangria Tempest) Targeting US-Based Automotive Manufacturer](https://sip.security.microsoft.com/intel-explorer/articles/e14e343c):** BlackBerry analysts detected a spear-phishing campaign by FIN7, tracked by Microsoft as Sangria Tempest, targeting a US-based automotive manufacturer with the Anunak backdoor. The attackers focused on IT department employees with elevated privileges, using living-off-the-land binaries (LOLBAS) and multi-stage processes to mask malicious activity, illustrating a shift towards precise targeting in high-value sectors.
2. **[Information Gathering Tactics of TA427 (Emerald Sleet)](https://sip.security.microsoft.com/intel-explorer/articles/5d36b082):** Proofpoint details the information gathering tactics of TA427, a North Korea-aligned threat actor running benign "conversation starter" campaigns against people working on US and South Korean foreign policy initiatives. TA427 relies heavily on social engineering and web beacons for reconnaissance, impersonating individuals from various verticals to gather strategic intelligence, and shows persistence and adaptability in adjusting its tactics and infrastructure.
3. **[Analysis of Russia's Notorious APT44 (Seashell Blizzard)](https://sip.security.microsoft.com/intel-explorer/articles/24c2a760):** Sponsored by Russian military intelligence and tracked by Microsoft as Seashell Blizzard, APT44 is a dynamic and operationally mature threat actor engaged in the full spectrum of espionage, attack, and influence operations in service of Russian national interests. APT44 presents a persistent, high-severity threat to governments and critical infrastructure globally, with a history of aggressive cyber attacks undermining democratic processes, and it poses a significant proliferation risk for new cyber attack concepts and methods.
4. **[Zero-Day Exploitation of Palo Alto Networks PAN-OS by UTA0218](https://sip.security.microsoft.com/intel-explorer/articles/958d183b):** Volexity discovered zero-day exploitation of a vulnerability in Palo Alto Networks PAN-OS by the threat actor UTA0218, resulting in unauthenticated remote code execution. UTA0218 exploited firewall devices to deploy malicious payloads and move laterally within victim organizations, demonstrating highly capable tradecraft and a clear playbook for furthering its objectives.

## Learn More

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog).

Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actors, malicious activity, and techniques discussed in this summary. The following reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments:

- Vulnerability Profile: [CVE-2024-3400](https://sip.security.microsoft.com/intel-profiles/CVE-2024-3400)
- Actor Profile: [Sangria Tempest](https://security.microsoft.com/intel-profiles/3e4a164ad64958b784649928499521808aea4d3565df70afc7c85eae69f74278)
- Actor Profile: [Seashell Blizzard](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb)
- Actor Profile: [Emerald Sleet](https://sip.security.microsoft.com/intel-profiles/f1e214422d
Sent Yes
Tags Vulnerability Threat
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up in an earlier one.