Rewterz

Rewterz Threat Alert – APT-C-41 StrongPity – Active IOCs

Severity

High

Analysis Summary

The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted the financial, industrial, and educational sectors to exfiltrate data and to look for any file or document on a victim’s machine. The group is also known as Promethium, and its earliest attack activity can be traced back to 2012. It mainly targets Italy, Turkey, Belgium, Syria, Europe, and other regions and countries.

Impact

  • Exposure of Sensitive Data
  • Information Theft and Espionage
  • Data Exfiltration

Indicators of Compromise

MD5

  • e324079702dac313a849749217eab6bc

SHA-256

  • aff78f9756717ca1b8b046d46565f9f6c85f5757b92643a38fee99d6bd83b439

SHA-1

  • f03a9836dc1f4e5d0228f773f0e0644a5df414f2

Remediation

  • Block all threat indicators at their respective controls.
  • Search for IOCs in your environment.
