Activity today has been high, with both more activity and more severe activity noted than in yesterday's report.
Activity Observations
APT28 activity reports noted, along with sensor detection/prevention events for Downdelph
IronNetInjector, a Turla malware loader
Silver Sparrow noted on Amazon AWS servers
BazarLoader Valentine's Day phishing
Ryuk ransomware activity observed increasing over the previous days
Reference documents added in the last 24 hours: none beyond the normal news and information sources and RSS feeds.
Some of our ISAC partners have also provided additional context on some of the events listed above; that context has been included in our threat intelligence data.
Other Notes
We have been advising customers to monitor DNS and CDN network activity since 2017. We believe the SolarWinds Orion incident and others similar to this story show that we can expect continued supply-chain targeting of companies that would be presumed to have network-level access at the organisations they supply. We have previously warned that DNS RPZ could be used to backdoor companies' computing systems, and that strange and sometimes unbelievable backdoors in common software have been observed on CDN networks. Stay vigilant, as we are seeing more and more of this activity. We will be publishing an in-depth report on this in the coming days outlining specific examples, samples and other data that will allow you to draw your own conclusions.
These are some of the most recent observations. In addition, we are still seeing CDN and DNS manipulation that points to malware infection locations. It is not known who is responsible for these, as they are distributed far and wide.
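The two notes above both come down to the same check: does a monitored vendor or CDN hostname still resolve to the addresses you expect? A resolver rewrite, whether an RPZ policy someone slipped into the resolver, a hosts-file edit, or a hijacked answer upstream, shows up as a public hostname suddenly answering with an internal address or with an address outside the vendor's known ranges. The script below is an added example written for this post, not code from the report's authors or from any product; the log format, hostnames and address ranges are constructed for illustration, and the baseline is a hypothetical one that a team would build from its own resolver history.

```python
"""
Baseline check for DNS answers.

Flags resolver answers for monitored hostnames (software-update and CDN
endpoints) that fall outside the address ranges the organisation expects,
or that land in internal/loopback space, which is what an RPZ or hosts
rewrite pointed at an attacker host looks like from the client side.

Illustrative example only: the log format, hostnames and ranges below are
constructed, not taken from any real resolver, vendor or incident.
"""
import ipaddress

# Constructed baseline: hostname -> ranges its legitimate vendor/CDN
# infrastructure is expected to answer from (hypothetical values).
BASELINE = {
    "updates.vendor.example": ["203.0.113.0/24", "2001:db8:10::/48"],
    "cdn.vendor.example": ["198.51.100.0/24"],
}

# Ranges that should never be returned for an Internet-facing vendor or
# CDN hostname. Checked explicitly rather than via ip_address.is_global,
# because the documentation/TEST-NET ranges used above are not "global"
# in Python's registry and would confuse the result.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7")]

# Constructed resolver log, one answer per line:
#   <timestamp> <client> <qname> <rrtype> <answer>
SAMPLE_LOG = """\
2021-02-24T14:55:01Z 10.1.2.3  updates.vendor.example A    203.0.113.25
2021-02-24T14:55:07Z 10.1.2.9  cdn.vendor.example     A    198.51.100.77
2021-02-24T14:56:12Z 10.1.2.3  updates.vendor.example A    192.0.2.199
2021-02-24T14:56:40Z 10.1.2.14 updates.vendor.example AAAA 2001:db8:10::55
2021-02-24T14:57:02Z 10.1.2.3  cdn.vendor.example     A    10.99.0.5
2021-02-24T14:58:30Z 10.1.2.20 intranet.corp.example  A    10.0.0.40
"""


def parse_log(text):
    """Parse the constructed log format into (ts, client, qname, rrtype, answer) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than abort the whole run
        records.append(tuple(fields))
    return records


def classify_answer(qname, answer, baseline=BASELINE):
    """Return a reason string if the answer is suspicious for qname, else None."""
    if qname not in baseline:
        return None  # not a host this baseline monitors (e.g. internal names)
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "unparseable answer"
    # Mixed-version containment (IPv4 address vs IPv6 network) is simply False.
    if any(addr in net for net in INTERNAL_NETS):
        return "public hostname resolved to internal/loopback address (possible RPZ or hosts rewrite)"
    if not any(addr in ipaddress.ip_network(r) for r in baseline[qname]):
        return "answer outside expected ranges for this host"
    return None


def find_suspicious(log_text, baseline=BASELINE):
    """Run the baseline check over a log; return (ts, client, qname, answer, reason) findings."""
    findings = []
    for ts, client, qname, _rrtype, answer in parse_log(log_text):
        reason = classify_answer(qname, answer, baseline)
        if reason:
            findings.append((ts, client, qname, answer, reason))
    return findings


if __name__ == "__main__":
    for ts, client, qname, answer, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {client} {qname} -> {answer}: {reason}")
    # two findings on the sample log: the 192.0.2.199 answer and the 10.99.0.5 answer
```

Two things are deliberate in the design. The internal-range check fires before the baseline check, so a rewrite of a public name to an RFC 1918 or loopback address is reported as a rewrite rather than a generic mismatch; a legitimate RPZ block list that sinkholes known-bad names to an internal address will also trip it, which is the point: every such rewrite should map to a policy entry you can account for. Hostnames absent from the baseline are ignored rather than flagged, so the check stays quiet until you have actually built expected ranges from your own resolver history; a change in those ranges (a vendor moving CDNs) is then a baseline update you make on purpose, not noise you learn to ignore.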
Last Updated: 3:03 PM EST