IronNet’s September Threat Intelligence Brief 2022
Microsoft releases a report on its disruption of a Russian cyber-espionage group called SEABORGIUM (COLDRIVER) that has targeted over 30 organizations since the beginning of 2022, primarily in NATO countries and in the sectors of defense consulting, NGOs, IGOs, think tanks and higher education ...
IronNet’s August Threat Intelligence Brief 2022
Discovered in January 2022, ChromeLoader is a multi-stage browser hijacker/adware campaign that has impacted various victims around the world. ChromeLoader is a multi-stage malware family, meaning each variant has a similar-looking infection chain, such as the use of malicious browser extensions in all of the versions, but also contains ...
IronNet’s July Threat Intelligence Brief 2022
On June 18th, an IronNet customer in the education sector was targeted in a ransomware attack. Initial investigation of the compromise points to the BlackCat ransomware group as the possible threat actor behind this intrusion. It is unclear at this time how the threat actors gained initial access; however, we ...
IronNet’s June Threat Intelligence Brief 2022
On May 4th, Cybereason released a report on a malicious cyberattack campaign by the Chinese state-sponsored APT Winnti group. The campaign, dubbed Operation CuckooBees, has been targeting technology and manufacturing companies in North America, Western Europe, and East Asia since at least 2019. Using both known and previously undocumented malware ...
IronNet’s May Threat Intelligence Brief 2022
On April 12th, the Ukrainian CERT (CERT-UA) reported that the Russian Sandworm Team targeted high-voltage electrical substations in Ukraine using a new variant of a malware known as Industroyer (aka Crash Override). The Sandworm Team, which is associated with the Russian GRU, previously used the original Industroyer variant to compromise ...
IronNet’s April Threat Intelligence Brief 2022
The Lapsus$ Group is a cybercriminal group that has attracted much attention after a spate of high-profile attacks on technology companies, including Microsoft, Okta, Samsung, NVIDIA, and Ubisoft. Though the group started turning heads in December 2021 as it expanded its targeting to global technology companies, Lapsus$ has activity dating ...
IronNet’s March Threat Intelligence Brief 2022
On February 24, 2022, Russian President Vladimir Putin approved troops to begin moving into Ukraine-controlled territory. Since the invasion, several cyber attacks, including DDoS attacks, the deployment of wiper malware, and phishing campaigns, have targeted both Ukrainian and Russian public and private entities, and several non-state hacking groups ...
IronNet’s February Threat Intelligence Brief
In mid-January there were multiple attacks on Ukrainian government websites. Several webpages were wiped and defaced with messages stating that Ukrainian, Russian, and Polish personal data had been leaked. Microsoft observed destructive malware activity tracked as DEV-0586 used in intrusion attacks against Ukrainian government agencies. There has not been any association ...
IronNet’s January Threat Intelligence Brief
Looking back on December, I will say that the big news in the cyber world was, of course, the Log4j vulnerability. A remote code execution (RCE) vulnerability (CVE-2021-44228) with a CVSS score of 10.0 was identified within Log4j, a Java-based logging utility. Given the popularity of Log4j and Apache's projects, ...
IronNet’s December Threat Intelligence Brief
As we look back on November, we have much to report on, such as an FBI email hoax, where attackers abused insecure code in the Law Enforcement Enterprise Portal (LEEP) to send thousands of illicit emails about fake cyberattacks using the federal agency's email address (eims@ic[.]fbi[.]gov). Additionally, the Digital Forensics ...