We are seeing Lazarus Group activity (Event 28716) and have reported and blocked the activity at all customer sites. We have effectively sinkholed the activity to ensure that no customers can be attacked. The original report was provided by a partner feed source. In addition, we are seeing 77 malware families active today.
Continued Malicious Router Exploit Attacks
We previously reported exploits of NetCore router backdoor access from 104.244.76[.]219, and we continue to see attacks from that address.
We are also seeing activity from 205.185.113[.]213, which is exploiting with remote shell scripts and making second-generation backdoor attempts.