Weekly Threat Briefing: Data Breaches, Ransomware, Remote Code Vulnerabilities and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: Android Bugs, Exposed PII, REvil Ransomware, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence


Google: Chinese and Iranian Hackers Targeted Biden and Trump Campaign Staffers


(published: June 4, 2020)


Google's Threat Analysis Group (TAG) has determined that campaign staffers for U.S. presidential candidates Donald Trump and Joe Biden are being targeted by state-sponsored Advanced Persistent Threat (APT) groups in China and Iran. The Chinese APT group "APT31" (Zirconium) targeted staffers for Joe Biden, and the Iranian APT group "APT35" (Newscaster) targeted Donald Trump staffers. Both groups are known for targeting countries with spearphishing campaigns to gain access and gather intelligence. APT35 had previously targeted Trump's campaign staff in 2019. As of this writing, no attacks targeting either party have reportedly been successful.

Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing, how to identify such attempts, and whom to report them to.

MITRE ATT&CK: [MITRE ATT&CK] Spearphishing Link - T1192