May 28, 2021
Severity
High
Analysis Summary
More than 150 organizations have been attacked by the Russian hacker group behind the SolarWinds breach. A new spear-phishing campaign has been identified targeting organizations across a range of countries. The threat group UNC2452, also known as Dark Halo and Solorigate, targeted government agencies involved with foreign policy and international development organizations. It is said that around 3,000 email addresses used by 150 organizations in 24 countries were targeted.
Attack Analysis
The email contained a malicious Hypertext Markup Language (HTML) attachment that executed JavaScript code. That code wrote an ISO disc image file to the computer's storage, and the target was encouraged to open it. Once the user had been tricked into opening the ISO image, which mounted it, a .LNK shortcut executed an included dynamic link library (DLL) file, which in turn ran an instance of the Cobalt Strike Beacon command-and-control module.
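The chain described above leaves two artifacts a defender can look for: an HTML attachment that carries a base64-encoded ISO image inside its script (HTML smuggling), and a process-creation event in which explorer.exe launches rundll32.exe with a DLL that lives on a freshly mounted drive letter. The following Python is an added detection example written for this advisory; it is not code from Rewterz or from any vendor tool. The HTML body and the Sysmon-style process events are constructed inline for the demonstration, and the field names (Image, CommandLine, ParentImage) are assumed to follow the common Sysmon Event ID 1 layout.

```python
import base64
import binascii
import re

# ISO 9660 places the primary volume descriptor at sector 16 (offset 0x8000).
# Byte 0 is the descriptor type, bytes 1..5 are the standard identifier "CD001".
ISO_PVD_OFFSET = 0x8000
ISO_MAGIC = b"CD001"

# A base64 run long enough to hold a PVD (0x8005 bytes -> ~43,700 base64 chars).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{4096,}={0,2}")


def find_smuggled_iso(html: str) -> list:
    """Return findings for base64 runs in an HTML body that decode to an ISO image."""
    findings = []
    for m in B64_RUN.finditer(html):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (e.g. bad padding): skip this run
        if len(data) > ISO_PVD_OFFSET + 6 and data[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] == ISO_MAGIC:
            findings.append({"html_offset": m.start(), "decoded_bytes": len(data), "type": "iso9660"})
    return findings


# explorer.exe -> rundll32.exe loading a DLL from a non-system drive letter
# (a mounted ISO typically appears as the next free letter, never C:).
DLL_ON_OTHER_DRIVE = re.compile(r'(?i)\b([D-Z]):\\[^\s,"]+\.dll')


def flag_iso_lnk_dll_chain(events: list) -> list:
    """Flag process-creation events matching the LNK -> rundll32 -> DLL pattern."""
    hits = []
    for ev in events:
        image = ev.get("Image", "").lower()
        parent = ev.get("ParentImage", "").lower()
        if not image.endswith("\\rundll32.exe") or not parent.endswith("\\explorer.exe"):
            continue
        m = DLL_ON_OTHER_DRIVE.search(ev.get("CommandLine", ""))
        if m:
            hits.append({"drive": m.group(1).upper(), "dll_path": m.group(0), "user": ev.get("User")})
    return hits


# --- constructed sample input (not real captured data) ---------------------
_FAKE_ISO = bytes(ISO_PVD_OFFSET) + b"\x01CD001\x01" + bytes(64)
SAMPLE_HTML = (
    "<html><body><script>var payload = '"
    + base64.b64encode(_FAKE_ISO).decode()
    + "';</script></body></html>"
)

SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe D:\\Invoice\\invoice.dll,Open",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\alice"},
    {"Image": "C:\\Windows\\System32\\rundll32.exe",   # benign: system DLL on C:
     "CommandLine": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\bob"},
    {"Image": "C:\\Program Files\\App\\app.exe",      # unrelated process
     "CommandLine": "app.exe", "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\bob"},
]

if __name__ == "__main__":
    print(find_smuggled_iso(SAMPLE_HTML))
    print(flag_iso_lnk_dll_chain(SAMPLE_EVENTS))
```

The ISO check keys on the volume descriptor rather than on file size or extension, so renaming the blob or splitting it across variables in the script only defeats the regex, not the decoder; in practice you would run the decoder over every base64 run the mail gateway extracts. The process rule is deliberately narrow (explorer.exe parent, rundll32.exe, DLL on D: or later) to keep false positives from installers low while still catching the mount-and-click sequence from this campaign.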

Impact
- Information theft
- Exposure of sensitive data
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.