This Week's Read List (TWRL) is a collection of articles, blog posts, and other content that I've discovered throughout the last week. The collection may seem eclectic at times, but my hope is that you'll find these articles just as helpful

Robust Indicators of Compromise for SUNBURST
Some great clarification about SUNBURST indicators to determine whether or not your organization was targeted, as opposed to having a compromised version of

CrowdStrike breaks down their discovery and analysis of the SUNSPOT malware discovered during their investigation into the SolarWinds compromise.

Sunburst backdoor – code overlaps with Kazuar
Kaspersky identifies that pieces of the SUNBURST code overlap with Kazuar, malware discovered by Palo Alto in 2017 and tentatively tied to the Turla group.

Password Guessing Used as a Weapon by SolarWinds Hackers to Breach Targets
An advisory about some of the post-exploitation actions, including password guessing and password spraying, of the SolarWinds compromise.

New Findings From Our Investigation Of SUNBURST
Press release from SolarWinds regarding the recent compromise.

SolarLeaks site claims to sell data stolen in SolarWinds attacks
The SolarLeaks website claims to be selling source code from multiple companies compromised during the SolarWinds compromise.

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Higaisa or Winnti? APT41 backdoors, old and new
A quick look into newly discovered TTPs and malware attributed to Winnti (APT41). Interestingly, the MO (modus operandi) shares similarities with the Korean group,
Parts of the payloads included Cobalt Strike's Beacon.