ASD/ACSC #APT40 Advisory: 🔥 Information regarding multiple compromises of Australian organizations by APT40 has been observed by the ASD/ACSC and, interestingly, the AU government has taken a confrontational approach this time against the state sponsor. "APT40 has previously targeted organizations in various countries, including Australia and the United States," the agencies said. "Notably, APT40 possesses the ability to quickly transform and adapt vulnerability proofs-of-concept (PoCs) for targeting, reconnaissance, and exploitation operations."

Notable CVEs used by APT40:
- Log4j (CVE-2021-44228)
- Confluence (CVE-2021-31207, CVE-2021-26084)
- Microsoft Exchange (CVE-2021-31207, CVE-2021-34523, CVE-2021-34473)

Recommendations:
1. Ensure that proper auditing and security monitoring exist for all external-facing systems, including SOHO devices.
2. Urgently review the list of CVEs above and patch the vulnerabilities immediately.
3. Ensure there are no shadow IT environments deployed within your enterprise environment.

Finally, I found it interesting that this adversarial group is determined not to use phishing and social engineering tactics to gain initial access. Aka - Hackyourwayin. https://lnkd.in/gJSA6J5u
Sammy Chuks..’s Post
More Relevant Posts
-
🚀 Great news for Microsoft Sentinel customers as #Microsoft and #ASD Join Forces: Uniting Sentinel and CTIS for Enhanced Cyber Resilience. This is the first time globally that such a collaboration has been created with Sentinel to enable public-private exchange of threat intelligence. It is a free capability to download, and will enable Microsoft Sentinel customers who are (or become) partners of CTIS to contribute and consume threat intelligence at machine speed. #Security #Microsoft #Azure #ASD #MSFTAdvocate
Today I am proud to announce the latest delivery in our Microsoft-Australian Signals Directorate Cyber Shield (MACS) initiative. The Sentinel CTIS Connector enables customers of Microsoft Sentinel to plug-and-play with ASD’s Cyber Threat Intelligence Sharing (CTIS) system. This connector (which is available for free!), provides all the plumbing required to enable both the sending and receiving of threat intelligence with the CTIS platform. If you are an existing Sentinel customer, I encourage you to check this out and be part of the nation's collective cyber defence. If you are not a Sentinel customer, well, maybe it's time to have another look 😊 https://lnkd.in/gPiWMpPJ
-
#Collaboration is Crucial: Strong partnerships across public and private sectors are vital for advancing Australia’s cyber resilience and outperforming cyber threat actors. #CTIS Program: The Australian Cyber Security Centre’s Cyber Threat Intelligence Sharing (CTIS) program plays a key role in monitoring and combating cyber threats through real-time information exchange. #Microsoft-ASD Initiative: The Microsoft-Australian Signals Directorate Cyber Shield initiative introduces a new capability for Microsoft Sentinel customers to integrate with the CTIS program, enhancing public-private threat intelligence collaboration. In simple terms, you will now be able to share indicators with ASD, as well as receive threat intelligence back that you can then apply to your threat hunting queries or analytic rules. Microsoft Australian Signals Directorate #Cybershields #threatintelligence #cybersecurity
Microsoft and ASD Join Forces: Uniting Sentinel and CTIS for Enhanced Cyber Resilience
news.microsoft.com
-
#Microsoft and #ASD Join Forces with simplified threat intelligence sharing. As Mark Anderson shared in his post, #Sentinel customers can now enable bi-directional threat intelligence sharing through the ASD's Cyber Threat Intelligence Sharing (CTIS) system. Why this is so important is that threat actors are combining forces, and we as defenders need to be doing the same! This connector comes at no additional cost and, as you expect with Sentinel, is super simple to deploy! Harish, Sam, Kate, Dmitry, Angela, Ben, Gary, Deepika, Herdyan, Mayank, Katie, Ray.
-
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until August. The Russian cybersecurity company said the campaign primarily targeted Russian government agencies, their contractors, and industrial enterprises. Awaken Likho, also tracked as Core Werewolf and PseudoGamaredon, was first documented by BI.ZONE in June 2023 in connection with cyber attacks directed against defense and critical infrastructure sectors. The group is believed to be active since at least August 2021. The spear-phishing attacks involve distributing malicious executables disguised as Microsoft Word or PDF documents by assigning them double extensions like "doc.exe," ".docx.exe," or ".pdf.exe," so that only the .docx and .pdf portions of the extension show up for users. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
thehackernews.com
-
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools. The ongoing activity cluster has been dubbed "Awaken Likho," in which Russian government agencies and industrial entities have been targeted. "The attackers now prefer to use the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had used earlier to get access to remote systems," Kaspersky said, describing a new campaign that began back in June 2024 and continued at least until August. According to the Russian cybersecurity firm, the campaign focused mainly on government agencies of Russia, their contractors, and industrial enterprises. Awaken Likho, also tracked as Core Werewolf and PseudoGamaredon, is said to have first been discovered by BI.ZONE in June 2023 while tracing attacks against sectors in defense and critical infrastructure. The group is reported to be active at least since August 2021. Spear-phishing attacks involved the spreading of malicious executables masquerading as Microsoft Word or PDF documents, by assigning them double extensions of "doc.exe," ".docx.exe," or ".pdf.exe," so that only the .docx and .pdf parts of the extension show up for the users to open. The opening of these files was, however, discovered to trigger the installation of UltraVNC, therefore giving the threat actors complete control over the compromised hosts. According to results from F.A.C.C.T. research obtained earlier this month, other attacks recently released by Core Werewolf targeted a Russian military base in Armenia and a Russian research institute involved in weapons development. One notable new tactic: deploying a self-extracting archive (SFX) to covertly drop UltraVNC onto a system as the targets view a seemingly innocuous lure document.
Additionally, the newest attack chain unveiled by Kaspersky employs an SFX archive file generated with 7-Zip, which, upon opening, executes a file called "MicrosoftStores.exe," which unpacks an AutoIt script for running the open-source MeshAgent remote management tool. "These activities ensure the survival of the APT in the system: the attacker creates a scheduled task that runs a command file, and the latter, in turn, launches MeshAgent to establish a communication link with the MeshCentral server," Kaspersky said. #CyberAttack #Cybersecurity #AscellaInfosec #CyberThreats #DigitalSecurity
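The tradecraft described in the two Awaken Likho posts above (a document-looking double-extension lure, a dropper spawned by it, persistence through a scheduled task that runs a command file, and MeshAgent launched from that command file), as an added detection example. This is not code from any post on this page, nor from Kaspersky, BI.ZONE or F.A.C.C.T.; it runs in Python over constructed Sysmon-style JSON-lines events embedded in the block. The file paths, task name, extension lists, and the rule that MeshAgent started under cmd.exe (rather than under services.exe as a service) is suspicious are assumptions of the example, not indicators taken from the reports.

```python
"""
Detection sketch for the Awaken Likho chain: double-extension lure,
child process spawned by the lure, schtasks persistence pointing at a
command file, and MeshAgent started from that command file.

Added example, not vendor code. Events below are constructed samples in a
Sysmon-like JSON-lines shape (EventID 1 = process creation; fields Image,
ParentImage, CommandLine). Paths, task name and extension sets are assumptions.
"""
import json
import re
from pathlib import PureWindowsPath

# Document-looking extensions attackers hide behind, and extensions Windows
# will execute. Assumption: covers the posts' examples (.doc/.docx/.pdf + .exe)
# plus common siblings; extend for your environment.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".rtf", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}

# schtasks /create ... /tr "<action>" ... : capture the action, quoted or not.
_TR_ARG = re.compile(r'/tr\s+"?([^"]+?)"?(?:\s+/|$)', re.IGNORECASE)


def is_double_extension_lure(path):
    """True when the real (last) extension is executable and the one before it
    is a document type, e.g. 'Prikaz.pdf.exe'. Explorer hides the last
    extension by default, so the user sees 'Prikaz.pdf'."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DOC_EXTS


def is_schtasks_persistence(cmdline):
    """schtasks /create whose action (/tr) is a .bat/.cmd file or MeshAgent itself."""
    low = cmdline.lower()
    if "schtasks" not in low or "/create" not in low:
        return False
    m = _TR_ARG.search(cmdline)
    if not m:
        return False
    action = m.group(1).strip().lower()
    return action.endswith((".bat", ".cmd")) or "meshagent" in action


def _basename(path):
    return PureWindowsPath(path).name.lower()


def scan(events):
    """Return a list of (rule, detail) hits over process-creation events."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        image = ev.get("Image", "")
        parent = ev.get("ParentImage", "")
        cmd = ev.get("CommandLine", "")
        if is_double_extension_lure(image):
            hits.append(("double_extension_lure", image))
        if is_double_extension_lure(parent):
            hits.append(("spawned_by_lure", image))
        if is_schtasks_persistence(cmd):
            hits.append(("schtasks_persistence", cmd))
        # A command file runs under cmd.exe, so MeshAgent with a cmd.exe parent
        # matches the described persistence; the legitimate service start runs
        # under services.exe and is deliberately not flagged (assumption).
        if _basename(image) == "meshagent.exe" and _basename(parent) == "cmd.exe":
            hits.append(("meshagent_via_cmd", image))
    return hits


def load_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample telemetry (not real data): the chain from the posts,
# followed by a benign MeshAgent service start and a benign Word launch.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\ivan\\Downloads\\Prikaz_2024.pdf.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "\"C:\\Users\\ivan\\Downloads\\Prikaz_2024.pdf.exe\""}
{"EventID": 1, "Image": "C:\\Users\\ivan\\AppData\\Local\\Temp\\sfx\\MicrosoftStores.exe", "ParentImage": "C:\\Users\\ivan\\Downloads\\Prikaz_2024.pdf.exe", "CommandLine": "MicrosoftStores.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe", "ParentImage": "C:\\Users\\ivan\\AppData\\Local\\Temp\\sfx\\MicrosoftStores.exe", "CommandLine": "schtasks /create /tn \"Updater\" /tr \"C:\\ProgramData\\Updater\\run.cmd\" /sc onlogon /f"}
{"EventID": 1, "Image": "C:\\ProgramData\\Updater\\MeshAgent.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "MeshAgent.exe connect"}
{"EventID": 1, "Image": "C:\\Program Files\\Mesh Agent\\MeshAgent.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "\"C:\\Program Files\\Mesh Agent\\MeshAgent.exe\""}
{"EventID": 1, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE /n \"C:\\Users\\ivan\\Documents\\budget.docx\""}
"""

if __name__ == "__main__":
    for rule, detail in scan(load_events(SAMPLE_EVENTS)):
        print(f"{rule:24} {detail}")
```

Run stand-alone it prints four hits, one per stage of the chain, and nothing for the two benign events. The parent-process condition on the MeshAgent rule is what keeps a legitimately installed MeshCentral agent quiet; if your environment does not use MeshCentral at all, drop that condition and alert on any MeshAgent process.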
-
The blog post discusses a recent cybersecurity report that highlights the resurgence of the Gh0st RAT malware, a notorious remote access tool used by cybercriminals. The report details how this malware variant, dubbed SneakyChef by researchers, has been updated with new capabilities to evade detection and continue infiltrating systems for cyber espionage purposes. Researchers have observed this malware being linked to a threat group named SugarGh0st, known for targeting government entities in East Asia. The article emphasizes the importance of cybersecurity vigilance and the need for organizations to enhance their defenses against advanced and persistent threats like Gh0st RAT. #CyberEspionage #Gh0stRAT #CybersecurityThreats
Spies with upgraded Gh0st RAT appear to be new operation, researchers say
therecord.media
-
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until August. The Russian cybersecurity company said the campaign primarily targeted Russian government agencies, their contractors, and industrial enterprises. Stay connected to @Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
thehackernews.com
-
Strengthening Cybersecurity With Public-Private Partnerships
bankinfosecurity.com
-
😈 APT42 in action: cyber attacks in the Middle East. The APT42 group uses social engineering to penetrate corporate networks and cloud environments in the West and the Middle East. According to the data, APT42 has been active since 2015 and has conducted at least 30 operations in 14 countries. https://lnkd.in/dDRicRyh APT42's main targets are non-governmental organizations, media, educational institutions, activists and legal services. It is reported that malicious emails with two custom backdoors, Nicecurl and Tamecat, are used to infect targets. The tools allow executing commands and stealing data.
- Nicecurl: A VBScript-based backdoor capable of executing commands, downloading and executing additional payloads, or performing data mining on an infected host.
- Tamecat: A more sophisticated PowerShell backdoor that can execute arbitrary PowerShell code or C# scripts, giving APT42 greater operational flexibility for data theft and extensive system manipulation. Tamecat can also dynamically update its configuration to avoid detection.
#News #APT #arg
-
Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks. Once again, nation-state affiliated threat actors demonstrated that cyber operations—whether for espionage, destruction, or influence—play a persistent supporting role in broader geopolitical conflicts. Also fueling the escalation in cyberattacks, we are seeing increasing evidence of the collusion of cybercrime gangs with nation-state groups sharing tools and techniques. Read the newly released Microsoft Digital Defence Report for detailed insights here. #cyberdefence #cybersecurity #microsoftsecurity Abbas Kudrati Emmanuele Silanesu Avinash Lotke Anirudh R. Yuji Takada Jeffrey Yan Daniel Wong Sanjay Iyer Hochul Shin Sameer J. Anand Jethalia Evan Williams Harry Pun Kenneth Chong Sang Jun Park Mitsunori Fujino Naoko Enomoto Kenny Singh Udeesh Millathe Terrie Anderson MAICD Sherri Xiao Marco Naccarato Sachin Kaushik Sachin V. Rathi Anujh Tewari Eugene Teo MSID, MSCS Mick Dunne Jong-whoi Shin (신종회) Minoru Hanamura Min Livanidis
Today, Microsoft Security released its annual Microsoft Digital Defense Report, sharing the insights and trends from cyber-attacks identified between July 2023 and June 2024. Over the past year, we've observed a 2.75x year-over-year increase in human-operated ransomware attacks, yet a threefold decrease in the number of attacks reaching the encryption stage over the last two years. Microsoft is committed to safeguarding users and leveraging our research to empower organizations and individuals to confidently embrace digital transformation, with the assurance that their data is protected. To learn more about this fascinating research, check out the report, authored by Tom Burt: https://lnkd.in/gjUcnZ_y
Escalating Cyber Threats Demand Stronger Global Defense and Cooperation
blogs.microsoft.com