Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption


The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DLL Side-Loading, Living off the Land, Operational technology, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.




Trending Cyber News and Threat Intelligence



Shadow Force Group's Viticdoor and CoinMiner



(published: May 27, 2023)



Shadow Force is a threat group that has been targeting South Korean organizations since 2013. It primarily targets Windows servers. AhnLab researchers analyzed the group's activity in 2020-2022. Shadow Force activity is relatively easy to detect because the actors tend to reuse the same file names for their malware. At the same time, the group has evolved: after March its files often exceed 10MB due to binary packing. The actors also started introducing various cryptocurrency miners and a new backdoor dubbed Viticdoor.

Analyst Comment: Organizations should keep their servers updated and properly configured with security in mind. Unusually high CPU usage and overheating can be a sign of malicious resource hijacking for cryptocurrency mining. Network and host-based indicators associated with Shadow Force are available in the Anomali platform and customers are advised to block these on their infrastructure.

MITRE ATT&CK: [MITRE ATT&CK] T1588.003 - Obtain Capabilities: Code Signing Certificates | [MITRE ATT&CK] T1105 - ..
