March 6, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Lazarus APT Group – Active IOCs
October 11, 2021Rewterz Threat Advisory – CVE-2021-41117 – Node.js keypair module
October 12, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
October 11, 2021Rewterz Threat Advisory – CVE-2021-41117 – Node.js keypair module
October 12, 2021
Severity
High
Analysis Summary
The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted financial, industrial, and educational sectors for data exfiltration and to look out for any file or document from a victim’s machine. The group is also known as Promethium and StrongPity, the earliest attack activity of the APT organization can be traced back to 2012. The organization is mainly targeting Italy, Turkey, Belgium, Syria, Europe, and other regions and countries to conduct attacks.
Impact
- Exposure of Sensitive Data
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
Domain Name
- cdn2-state-upd.com
MD5
- 3118385afbd4ebef45b7b230cd5a643e
SHA-256
- 4f4da9dc0e1ce6978140fb851f62080e1ca0dfd0f807a7e7bba0438509cc241f
SHA-1
- d5f925914863d7ac6417e1112261e9f184fd4a72
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.