Anomali Cyber Watch: APT31 Targeting French Home Routers, Multiple Microsoft Vulnerabilities, StrongPity Deploys Android Malware, and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cryptojacking, Downloaders, Malspam, RATs, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Windows “PetitPotam” Network Attack – How to Protect Against It

(published: July 21, 2021)

Microsoft has released mitigations for a new Windows vulnerability called PetitPotam. Security researcher Gilles Lionel created a proof-of-concept script that abuses Microsoft’s NT LAN Manager (NTLM) protocol via MS-EFSRPC (Encrypting File System Remote Protocol). PetitPotam only works when the following conditions are met: NTLM authentication is enabled on the domain, Active Directory Certificate Services (AD CS) is in use, and Certificate Authority Web Enrollment or Certificate Enrollment Web Service is enabled. Exploitation can result in an NTLM relay attack, which is a type of man-in-the-middle attack.

Analyst Comment: Microsoft has provided mitigation steps for this attack, which include disabling NTLM on a potentially affected domain, among others.

Tags: Vulnerability, Microsoft, PetitPotam, Man-in-the-middle
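The three preconditions listed above can be audited on a candidate AD CS host. The script below is an added PowerShell example, not Anomali's or Microsoft's code; it assumes Windows Server with the ServerManager module available and uses the host's inbound-NTLM policy value (RestrictReceivingNTLMTraffic) as a local proxy for the domain-level NTLM setting.

```powershell
# Added example (not Anomali's or Microsoft's code): audits the three
# PetitPotam preconditions stated above. Run elevated on the AD CS host.
# Requires the ServerManager module (Get-WindowsFeature) on Windows Server.
function Test-PetitPotamExposure {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = Join-Path $lsa 'MSV1_0'

    # Condition 1: NTLM authentication is still accepted.
    # RestrictReceivingNTLMTraffic = 2 ("Deny all accounts") blocks inbound NTLM;
    # any other value, or the value being absent, means NTLM is still in play.
    $recv = (Get-ItemProperty -Path $msv -Name RestrictReceivingNTLMTraffic `
             -ErrorAction SilentlyContinue).RestrictReceivingNTLMTraffic
    $ntlmAccepted = ($null -eq $recv) -or ($recv -ne 2)

    # Condition 2: the Certification Authority role is installed on this host.
    $adcs = Get-WindowsFeature -Name ADCS-Cert-Authority
    $adcsInstalled = [bool]($adcs.Installed)

    # Condition 3: either HTTP enrollment surface is installed
    # (CA Web Enrollment or Certificate Enrollment Web Service).
    $webEnroll = Get-WindowsFeature -Name ADCS-Web-Enrollment
    $enrollSvc = Get-WindowsFeature -Name ADCS-Enroll-Web-Svc
    $webEnabled = [bool]($webEnroll.Installed) -or [bool]($enrollSvc.Installed)

    [PSCustomObject]@{
        Host                   = $env:COMPUTERNAME
        NtlmAccepted           = $ntlmAccepted
        AdcsInstalled          = $adcsInstalled
        WebEnrollmentInstalled = $webEnabled
        # All three conditions from the advisory must hold for the relay to work.
        MeetsAllPreconditions  = $ntlmAccepted -and $adcsInstalled -and $webEnabled
    }
}

Test-PetitPotamExposure | Format-List
```

A host reporting MeetsAllPreconditions = True is a candidate for the Microsoft mitigations described above; a False on any single flag shows which condition is already closed.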

APT31 Modus Operandi Attack Campaign Targeting France

(published: July 21, 2021)

The French cybersecurity watchdog ANSSI issued an alert via France's computer emergency response team (CERT) discussing attacks ..

