What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-06-18 14:00:00 | Couchée et secrète: Découvrir les opérations d'espionnage UNC3886 Cloaked and Covert: Uncovering UNC3886 Espionage Operations (lien direct) |
Written by: Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, Alex Marvi
Following the discovery of malware residing within ESXi hypervisors in September 2022, Mandiant began investigating numerous intrusions conducted by UNC3886, a suspected China-nexus cyber espionage actor that has targeted prominent strategic organizations on a global scale. In January 2023, Mandiant provided detailed analysis of the exploitation of a now-patched vulnerability in FortiOS employed by a threat actor suspected to be UNC3886. In March 2023, we provided details surrounding a custom malware ecosystem utilized on affected Fortinet devices. Furthermore, the investigation uncovered the compromise of VMware technologies, which facilitated access to guest virtual machines. Investigations into more recent operations in 2023 following fixes from the vendors involved in the investigation have corroborated Mandiant\'s initial observations that the actor operates in a sophisticated, cautious, and evasive nature. Mandiant has observed that UNC3886 employed several layers of organized persistence for redundancy to maintain access to compromised environments over time. Persistence mechanisms encompassed network devices, hypervisors, and virtual machines, ensuring alternative channels remain available even if the primary layer is detected and eliminated. This blog post discusses UNC3886\'s intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems, including: The use of publicly available rootkits for long-term persistence Deployment of malware that leveraged trusted third-party services for command and control (C2 or C&C) Subverting access and collecting credentials with Secure Shell (SSH) backdoors Extracting credentials from TACACS+ authentication using custom malware Mandiant has published detection and hardening guidelines for ESXi hypervisors and attack techniques employed by UNC3886. For Google SecOps Enterprise+ customer |
Malware Tool Vulnerability Threat Cloud Technical | APT 41 | ★★★ |
|
2022-03-08 15:00:00 | Est-ce que cela a l'air infecté?Un résumé de l'APT41 ciblant les gouvernements des États américains Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments (lien direct) |
Mise à jour (8 mars): Le message d'origine n'a peut-être pas apporté la clarté totale que CVE-2021-44207 (USAHERDS) avait un correctif développé par des systèmes de renom pour les déploiements applicables sur ouVers le 15 novembre 2021. Mandiant ne peut pas parler des versions, déploiement, adoption, adoption ou d'autres facteurs techniques de ce patch de vulnérabilité au-delà de sa disponibilité.
En mai 2021, Mandiant a répondu à une intrusion APT41 ciblant un réseau informatique du gouvernement de l'État des États-Unis.Ce n'était que le début d'un aperçu de Mandiant \\ sur une campagne persistante d'un mois menée par APT41 en utilisant Internet vulnérable
UPDATE (Mar. 8): The original post may not have provided full clarity that CVE-2021-44207 (USAHerds) had a patch developed by Acclaim Systems for applicable deployments on or around Nov. 15, 2021. Mandiant cannot speak to the affected builds, deployment, adoption, or other technical factors of this vulnerability patch beyond its availability. In May 2021 Mandiant responded to an APT41 intrusion targeting a United States state government computer network. This was just the beginning of Mandiant\'s insight into a persistent months-long campaign conducted by APT41 using vulnerable Internet |
Vulnerability | APT 41 APT 41 | ★★★★ |
|
2020-03-25 07:00:00 | Ce n'est pas un test: APT41 lance une campagne d'intrusion mondiale en utilisant plusieurs exploits This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits (lien direct) |
À partir de cette année, Fireeye a observé chinoisL'acteur APT41 Effectuer l'une des campagnes les plus larges d'un acteur de cyber-espionnage chinois que nous avons observé ces dernières années.Entre le 20 janvier et le 11 mars, Fireeye a observé apt41 Exploiter les vulnérabilités dans Citrix NetScaler / ADC , les routeurs Cisco, et Zoho ManageEngine Desktop Central dans plus de 75 clients Fireeye.Les pays que nous avons vus ciblés comprennent l'Australie, le Canada, le Danemark, la Finlande, la France, l'Inde, l'Italie, le Japon, la Malaisie, le Mexique, les Philippines, la Pologne, le Qatar, l'Arabie saoudite, Singapour, la Suède, la Suisse, les Émirats arabes unis, le Royaume-Uni et les États-Unis.Le suivant
Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we\'ve seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following |
Vulnerability | APT 41 APT 41 APT-C-17 | ★★★ |
1
We have: 3 articles.
We have: 3 articles.
To see everything:
Our RSS (filtrered)
