Weekly Threat Briefing: APT Group, Cobalt, COVID-19, Ransomware and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: Data Breach, Lazarus, Spearphishing, Trojan and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Targeted Attack Leverages India-China Border Dispute to Lure Victims


(published: June 19, 2020)


With recent tensions rising on the India-China border, threat actors are utilizing this as a means to spread malicious documents. The document, titled “India-China border tensions.doc”, contains a PowerShell script that downloads shellcode that in turn extracts Cobalt Strike as the payload. While there has not been any attribution to a threat group, the watermark value found in the beacon configuration has been used previously by the TrickBot Group.

Recommendation: All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protection should be implemented and kept up-to-date with the latest version to better ensure security. Documents that request macros to be enabled should be avoided.

MITRE ATT&CK: [MITRE ATT&CK] Spearphishing Attachment - T1193 | [MITRE ATT&CK] PowerShell - T1086 | [MITRE ATT&CK] User Execution - T1204