Threat Actors
Microsoft Investigates Iranian Attacks Against the Albanian Government
Impacted Industries: Public Administration
What You Need To Know:
Microsoft’s latest report presents its research, its process for attributing the related actors, and the TTPs observed by DART and MSTIC during the investigation into the attacks against the Albanian government that occurred on 15 July 2022.
Threat Actor
Lazarus and the Tale of Three RATs
Impacted Industries: Manufacturing, Utilities, and Energy-related companies
What You Need To Know:
Cisco Talos observed a North Korean state-sponsored threat actor using a previously unknown malware implant. In this campaign, the threat actor’s targets focused on energy companies in Canada, the U.S., and Japan.
Malware
Dead or Alive? An Emotet Story
Impacted Industries: All
What You Need To Know:
A DFIR Report post details an intrusion from May 2022 where a domain-wide compromise started from an Excel document containing the Emotet malware. Since the beginning of the year, DFIR Report has observed an increase in Emotet dropping Cobalt Strike beacons.
Malware
OriginLogger: A Look at Agent Tesla’s Successor
Impacted Industries: All
What You Need To Know:
Palo Alto’s Unit 42 researchers analyzed malware samples tagged as Agent Tesla; their analysis revealed that the samples were in fact OriginLogger.
Malware
You Never Walk Alone: The Sidewalk Backdoor Gets a Linux Variant
Impacted Industries: All; Hong Kong University
What You Need To Know:
ESET researchers discovered a Linux variant of the SideWalk backdoor, first described on July 2, 2021 as StageClient. The backdoor is a custom implant exclusive to SparklingGoblin and shares multiple commonalities with Specter RAT.
Threat Landscape
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities
Impacted Industries: Healthcare and Social Assistance Services
What You Need To Know:
The FBI warns the healthcare sector of the increasing risks posed by unpatched, legacy, and default-configured medical devices.
New TTPs
Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
Impacted Industries: Educational Services, Public Administration, Healthcare and Social Services, and Information
What You Need To Know:
Proofpoint researchers have observed TA453 evolving its TTPs, resulting in campaigns utilizing what Proofpoint informally calls Multi-Persona Impersonation (MPI) phishing attacks.
Exploited Vulnerabilities
CISA Adds 14 Vulnerabilities To Its Known Exploited Vulnerabilities Catalog
Impacted Industries: All
What You Need To Know:
Based on evidence of active exploitation, CISA has added 14 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Affected software includes Windows, Google Chromium, QNAP NAS, and D-Link devices.
Note: You can read how Deepwatch approaches cyber threat intelligence here.
What We Mean When We Say
Estimates of Likelihood
We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events, because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “might” and “may” reflect situations where we are unable to assess the likelihood, usually because the relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.
Confidence in Assessments
Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:
- High confidence indicates that our judgments are based on reliable information and/or that the nature of the problem allows us to make a sound judgment. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
- Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
- Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.