February 2, 2022
Severity
Medium
Analysis Summary
Within a few weeks of the attack on the logistics group Hellmann, cybercriminals have struck another major German company. The tank logistics company Oiltanking, part of the Hamburg-based Marquard & Bahls group, was the victim of an attack, as the company confirmed to the Handelsblatt on Monday.
The IT systems of the mineral oil trader Mabanaft are also affected. The full extent of the incident is still unclear. Mabanaft also belongs to the Marquard & Bahls Group, which had sales of around EUR 9.2 billion in 2020. In a message to its business partners, Oiltanking Germany writes:
“We are working to solve the problem in accordance with our emergency plans.”
APT27 has been attributed to several attacks targeting German organizations and government bodies. Emissary Panda – also known as APT27, BRONZE UNION, Iron Tiger, LuckyMouse, TG-3390, and Threat Group-3390 – has been active for more than a decade and remains a capable adversary. This Chinese cyberespionage group targets organizations in the government, defense, aerospace, technology, manufacturing, and energy sectors. The group has also conducted cyber espionage campaigns against Turkish organizations and targets in the Middle East. It deploys malware such as China Chopper, Gh0st, HyperBro, and ZxShell to compromise applications and networks.
APT27 has recently been exploiting Zoho and Microsoft Exchange vulnerabilities to attack German companies. The exploited vulnerabilities are:
- CVE-2021-40539 – Zoho ManageEngine ADSelfService Plus
- CVE-2021-26855 – Microsoft Exchange
- CVE-2021-26857 – Microsoft Exchange
- CVE-2021-26858 – Microsoft Exchange
- CVE-2021-27065 – Microsoft Exchange
Remediation
Refer to the CISA advisory for the most recent list of affected products and their respective patches, and to the advisory published by the BfV, the German domestic intelligence service.