IronNet’s September Threat Intelligence Brief 2022

Threat Intel Briefs
Microsoft releases a report on its disruption of a Russian cyber-espionage group called SEABORGIUM (COLDRIVER) that has targeted over 30 organizations since the beginning of 2022, primarily in NATO countries and in the sectors of defense consulting, NGOs, IGOs, think tanks and higher education ... Read More

IronNet’s August Threat Intelligence Brief 2022

Discovered in January 2022, ChromeLoader is a multi-stage browser hijacker/adware campaign that has impacted various victims around the world. ChromeLoader is a multi-stage malware family, meaning each variant has a similar-looking infection chain, such as the use of malicious browser extensions in all of the versions, but also contains ... Read More

IronNet’s July Threat Intelligence Brief 2022

On June 18th, an IronNet customer in the education sector was targeted in a ransomware attack. Initial investigation of the compromise points to the BlackCat ransomware group as the possible threat actor behind this intrusion. It is unclear at this time how the threat actors gained initial access; however, we ... Read More

IronNet’s June Threat Intelligence Brief 2022

On May 4th, Cybereason released a report on a malicious cyberattack campaign by the Chinese state-sponsored APT, Winnti group. The campaign, dubbed Operation CuckooBees, has been targeting technology and manufacturing companies in North America, Western Europe, and East Asia since at least 2019. Using both known and previously undocumented malware ... Read More

IronNet’s May Threat Intelligence Brief 2022

On April 12th, the Ukrainian CERT (CERT-UA) reported that the Russian Sandworm Team targeted high-voltage electrical substations in Ukraine using a new variant of a malware known as Industroyer (aka, Crash Override). The Sandworm Team, which is associated with the Russian GRU, previously used the original Industroyer variant to compromise ... Read More

IronNet’s April Threat Intelligence Brief 2022

The Lapsus$ Group is a cybercriminal group that has attracted much attention after a spate of high-profile attacks on technology companies, including Microsoft, Okta, Samsung, NVIDIA, and Ubisoft. Though the group started turning heads in December 2021 as it expanded its targeting to global technology companies, Lapsus$ has activity dating ... Read More

IronNet’s March Threat Intelligence Brief 2022

On February 24, 2022, Russian President Vladimir Putin approved troops to begin moving into Ukraine-controlled territory. Since the invasion, several cyber attacks - including DDoS attacks, the deployment of wiper malware, and phishing campaigns - have targeted both Ukrainian and Russian public and private entities, and several non-state hacking groups ... Read More

IronNet’s February Threat Intelligence Brief

In mid-January there were multiple attacks on the Ukrainian government website. Several webpages were wiped and defaced stating that Ukrainian, Russian, and Polish personal data was leaked. Microsoft observed destructive malware activity tracked as DEV-0586 used in intrusion attacks against the Ukrainian government agencies. There has not been any association ... Read More

IronNet’s January Threat Intelligence Brief

Looking back on December, I will say that the big news in the cyber world was, of course, the Log4j vulnerability. A remote code execution (RCE) vulnerability (CVE-2021-44228) with a CVSS score of 10.0 was identified within Log4j, a Java-based logging utility. Given the popularity of Log4j and Apache's projects, ... Read More

IronNet’s December Threat Intelligence Brief

As we look back on November, we have much to report on, such as an FBI email hoax, where attackers abused insecure code in the Law Enforcement Enterprise Portal (LEEP) to send thousands of illicit emails about fake cyberattacks using the federal agency's email address (eims@ic[.]fbi[.]gov). Additionally, the Digital Forensics ... Read More