Weekly Threat Briefing: Cryptominers, Phishing, APT Group, and More


The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Backdoor, GoldenSpy, Phishing, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Iranian Hackers Attack Exposed RDP to Deploy Dharma Ransomware


(published: August 24, 2020)


A new group of threat actors has been targeting businesses with Dharma ransomware. The group, likely from Iran, has been targeting China, India, Japan, and Russia. Using Masscan, a port scanner, the group scans IP ranges for exposed remote desktop connections (RDP). Once an IP is identified, NLBrute is used to brute-force RDP with a list of passwords until one works. The ransomware demand is between $11,700 and $59,000.

Recommendation: Ransomware is a continually evolving threat. It is paramount to have a comprehensive and tested backup solution in place. If a reproducible backup is not available, there may be a decryptor available that can assist in retrieving encrypted files. Additionally, educate your employees about the dangers of downloading applications when they are not offered from the website of the official provider/developer.

MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068
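
One way to check logon logs for the RDP password-guessing pattern described in this story, as an added example that is not part of the original briefing or its IOC attachment. It assumes Windows Security logon events (4625 failed, 4624 successful) exported as time-sorted CSV rows; the column layout, threshold, window, and sample addresses are assumptions chosen for illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = "4625", "4624"  # Windows Security log: failed / successful logon
RDP_LOGON_TYPES = {"3", "10"}     # 10 = RemoteInteractive; 3 = network logon, as seen with NLA

# Constructed sample events using documentation IP ranges (not IOCs from the briefing).
# Assumed columns: timestamp, event ID, logon type, source IP, account name.
SAMPLE_EVENTS = """\
2020-08-24T02:10:01,4625,3,203.0.113.7,administrator
2020-08-24T02:10:03,4625,3,203.0.113.7,admin
2020-08-24T02:10:05,4625,3,203.0.113.7,administrator
2020-08-24T02:10:08,4625,3,203.0.113.7,backup
2020-08-24T02:10:11,4625,3,203.0.113.7,administrator
2020-08-24T02:10:15,4624,10,203.0.113.7,administrator
2020-08-24T03:00:00,4625,10,198.51.100.20,user1
2020-08-24T03:00:10,4625,10,198.51.100.20,user2
2020-08-24T03:00:20,4625,10,198.51.100.20,user3
2020-08-24T03:00:30,4625,10,198.51.100.20,user4
2020-08-24T03:00:40,4625,10,198.51.100.20,user5
2020-08-24T09:01:00,4625,10,192.0.2.15,alice
2020-08-24T09:01:20,4624,10,192.0.2.15,alice
2020-08-24T09:05:00,4624,2,192.0.2.99,bob
"""

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: 'bruteforce' | 'bruteforce_then_logon'} for time-sorted rows."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    verdicts = {}
    for ts, event_id, logon_type, src, _account in csv.reader(lines):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # e.g. type 2 (console logon) is not remote access
        when = datetime.fromisoformat(ts)
        fails = recent[src]
        while fails and when - fails[0] > window:  # expire failures older than the window
            fails.popleft()
        if event_id == FAILED:
            fails.append(when)
            if len(fails) >= threshold:
                verdicts.setdefault(src, "bruteforce")
        elif event_id == SUCCESS and len(fails) >= threshold:
            verdicts[src] = "bruteforce_then_logon"  # guessing ended in a valid account
    return verdicts

if __name__ == "__main__":
    for ip, verdict in detect_rdp_bruteforce(SAMPLE_EVENTS.splitlines()).items():
        print(ip, verdict)
```

A `bruteforce_then_logon` verdict is the case to escalate first, since it corresponds to the Valid Accounts technique listed above following the password guessing.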