IronNet’s November Threat Intelligence Brief
As we look back on October, we have much to report on: from Russia upping their nation-state attacks by groups such as APT29 (aka, Nobelium) and APT28 (aka, FancyBear) to Microsoft’s report detailing APT29’s latest phishing campaign targeting the IT supply chain. Abusing the trust in IT supply chain relationships, ... Read More
IronNet’s October Threat Intelligence Brief
As we look back on September, we have much to report on: from a widespread credential phishing campaign leveraging open redirects in conjunction with reCAPTCHA to the cloud security firm Wiz's recent discovery of four new vulnerabilities in the Open Management Interface (OMI) of Linux-based Azure virtual machines (VM). The ... Read More
IronNet’s October Threat Intelligence Brief
As we look back on September, we have much to report on: from a widespread credential phishing campaign leveraging open redirects in conjunction with reCAPTCHA to the cloud security firm Wiz's recent discovery of four new vulnerabilities in the Open Management Interface (OMI) of Linux-based Azure virtual machines (VM). The ... Read More
IronNet’s September Threat Intelligence Brief
As we look back on August, ransomware remains the name of the cyber attack game.A new ransomware familycalled LockFile has surfaced to target victims in various industries around the globe. First seen on the network of a U.S. financial organization on July 20th, LockFile’s latest activity was observed on August ... Read More
The August IronNet Threat Intelligence Brief
July was yet another busy month in the world of cybersecurity. On July 19th, the U.S. government and its allies—including the European Union, the Five Eyes countries, and NATO—publicly condemned and blamed the People’s Republic of China (PRC) for a series of malicious cyber attacks, including the Microsoft Exchange Hacks, ... Read More
The July IronNet Threat Intelligence Brief
Russia once again dominated headlines lat month as both the REvil ransomware gang and APT 28 - SkinnyBoy (SB) were linked to numerous attacks. On the heels of the latest REvil attack on Kaseya this past week, the ransomware group targeted Sol Oriens, a U.S. federal nuclear contractor that consults ... Read More
The June IronNet Threat Intelligence Brief
As we look back on May, it’s clear that adversaries across the globe were rampant — from the ransomware attack of the Colonial Pipeline in the U.S. to the Conti ransomware attack of the Health Service Executive (HSE) in Ireland. Meanwhile, on May 27, Microsoft announced that Nobelium, the threat ... Read More
The IronNet April Threat Intelligence Brief
While the fallout of the SolarWinds/SUNBURST attack continues to unfold, China also has entered the threat landscape. Though the APT group HAFNIUM is believed to have been exploiting flaws in on-premise Microsoft Exchange servers since January 6th, 2021, Microsoft publicly acknowledged the vulnerabilities on March 2nd and released several security ... Read More
The March IronNet Threat Intelligence Brief
The ongoing fallout of the SolarWinds/SUNBURST attack continues to take center stage in cybersecurity news. Although there were some recent concerns about another wave of SolarWinds-related threats, this is not entirely accurate. While Russia may be at it again on a broad scale, their latest threat appears to use a ... Read More
