Rewterz Threat Advisory
July 21, 2021
Severity
High
Analysis Summary
The threat group APT-40 is a Chinese state-sponsored group that conducted a spearphishing and intrusion campaign targeting U.S. oil and natural gas (ONG) pipeline companies. The actors searched victims' document repositories for the following data types:
- Document searches: “SCAD*”
- Personnel lists
- Usernames/passwords
- Dial-up access information
- System manuals
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
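One way to carry out the IoC search from the remediation steps, as an added example that is not part of the Rewterz advisory: the script below parses an MD5 list in the advisory's "- <hash>" format and sweeps a directory tree for files with a matching hash. The hashes in SAMPLE_IOC_TEXT are constructed placeholders; substitute the advisory's own list before use.

```python
import hashlib
import os
import re

# One MD5 per line, optionally prefixed with "- " as in the advisory's list.
MD5_LINE = re.compile(r"^\s*(?:-\s*)?([0-9a-fA-F]{32})\s*$")

# Constructed placeholder list in the advisory's format (not the real hashes).
SAMPLE_IOC_TEXT = """MD5
- d41d8cd98f00b204e9800998ecf8427e
- 00000000000000000000000000000000
"""


def parse_md5_iocs(text):
    """Return the set of lowercase MD5 strings found in an advisory-style list."""
    matches = (MD5_LINE.match(line) for line in text.splitlines())
    return {m.group(1).lower() for m in matches if m}


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_for_iocs(root, ioc_md5s):
    """Walk `root`; return [(path, md5)] for files whose MD5 is in ioc_md5s.

    Unreadable files are skipped rather than aborting the sweep, because a
    partial result is still actionable during incident response.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue
            if digest in ioc_md5s:
                hits.append((path, digest))
    return hits
```

Run `sweep_for_iocs("/path/to/share", parse_md5_iocs(open("iocs.txt").read()))` against file shares and endpoints; any hit is a file to quarantine and investigate, not just delete.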