Activity Summary - Week Ending 10 September 2021:

• Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
• Analysts identified 1,034 new IP addresses participating in various Botnets
• 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
• Sality Malware Variant seen 42252 times this past week
• Hive Ransomware Alert
• STRRAT RAT
• FIN7 again
• Microsoft and $20 billion in Cyber Security
• South Korea and TrickBot Arrest
• To SOAR, or to SIEM

Some things seem to come full circle.  Morse Code was invented in the 1800’s by Samuel Morse when he worked with an electrical telegraph system sending pulses of electric current and an electromagnet.  His code used the pulse and breaks between them to transmit information.  Popular with amateur radio operators, this code is no longer required if you want to get a pilots or air traffic controller license, though these individuals often have a basic understanding of the code. Morse code is a meth

IT companies are making up the majority of organizations being targeted amid new activity by the group behind last year’s SolarWinds supply-chain attack, with at least one victim coming from Microsoft’s customer support ranks. 

On 25 June 2021, the Microsoft Threat Intelligence Center said it was monitoring new activity from the Nobelium threat actor, which Microsoft is calling the group, with the vendor observing password spray and brute-force attacks, among other potential methods and tactics.

In addition to the aggravation of having to find the “car” in a series of pictures, a phishing attack targeting Microsoft users leverages a bogus Google reCAPTCHA system.  Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials.  The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims’ companies.

According

The president of Microsoft, Brad Smith, provided a warning of increasing cyber-threats to society as technology plays a more powerful role in our lives.  This warning delivered during his recent talk at the Consumer Electronics Show (CES) 2021.  Smith delineated the potential enormous benefits and advancements that technologies offer, including in areas like; sustainability, the cyber-threats being faced are correspondingly becoming increasingly concerning. “As computers create all this promise,

Despite attempted to stop the criminal hacking group responsible for managing the Trickbot trojan, they continue malicious activities by introducing new versions that make this malware more difficult terminate.  Trickbot now can offer other malware with Access-as-a Service capabilities (AaaS).  Many cyber threat attacks start with a successful phishing campaign.  This allows for the Trickbot malware trojan to be used as a pathway for ransomware infections and Denial-of-Service Attacks (DDoS atta

Activity Summary - Week Ending 20 November 2020:

• Red Sky Alliance identified 35,859 connections from new unique IP addresses
• Microsoft IP is a compromised C2
• APT 10 – Stone Panda back in the Top 5 Threat Actor Groups
• Capcom Hack - Part II
• Kucoin Exchange Hacked
• Kucoin-activity[.]com - Beware
• Cryptocurrency Challenges
• Plowshares going to Prison
• Black activists in Portland OR doing the Moonwalk
• Sodinokibi using BLM as Registry key

Link to full report: IR-20-325-001-Tactical Cyber Brief325_FINAL.

US Cyber Command, Microsoft, and Europol are attacking Trickbot's malicious infrastructure, ahead of the elections. It won't stop hackers from adapting but is expected to create breathing space during the elections. Check out these slides if you missed the webinar on October 21, 2020 to find out more:

View Webinar

Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet to help protect the November 3^rd US Presidential election and stop the global spread of ransomware and other malware. The botnet has been used to distribute a variety of malicious code, including the Ryuk ransomware variant, which the US government has cited as a potential threat vector against the election. 

Microsoft obtained a court order from the US District Court, East

Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic Application (VBA) macro code, according to a recent Department of Homeland Security (DHS) Cybersecurity and Infrastructure alert (CISA). 

First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link