Weekly Threat Briefing: Iranian APTs, Airport Cybersecurity, Phishing Attack on Puerto Rican Government, Ransomware, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Malware, Phishing, Remote Access Trojans, Viruses, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Cyber News and Threat Intelligence

Iranian-sponsored Advanced Persistent Threat (APT) groups are prioritizing the exploitation of vulnerabilities found in enterprise VPN servers, such as those sold by Palo Alto Networks and Fortinet, according to a report published by researchers at security firm ClearSky. The report highlights the technical offensive capabilities of Iranian APT groups and suggests a considerable interest in exploiting brand-new VPN vulnerabilities in order to plant backdoors in companies internationally. According to ClearSky, in 2019, Iranian groups exploited VPN vulnerabilities disclosed by Pulse Secure, Fortinet, and Palo Alto Networks (CVE-2019-11510, CVE-2018-13379, and CVE-2019-1579), and attacks are continuing into 2020. The attacks appear to be the work of at least three Iranian APT groups working collectively (APT33, APT34, and APT39) and are likely surveillance and reconnaissance-based. However, infected networks could be weaponized to take down business operations in the future, as data-wiping malware has been linked back to Iranian activity since 2019.

Researchers at Cisco Talos have identified a new version of “Loda,” an AutoIT-based Remote Access Trojan (RAT), being used in a malware campaign targeting countries in Central and South America, as well as the United States. The Loda RAT was first observed in 2016, but the new version of Loda has impr ..
