Severity
Medium
Analysis Summary
Organizations welcoming workers back are enacting testing programs and workplace rules to guard against COVID-19 infections. To prepare employees, many companies are offering webinars and training videos that explain the new rules and requirements. Cybercriminals are aware of this trend and are actively exploiting it: attackers are sending emails and malicious files that masquerade as COVID-19 training materials. One particular email tries to trick the recipient into signing up for a phony employee training seminar. Clicking the link in the email leads the recipient to a malicious website designed to capture their Microsoft credentials.
Impact
- Data exfiltration
- Credential theft
- Exposure of sensitive data
Remediation
- Block the threat indicators at their respective controls.
- Do not click URLs or open files attached to untrusted emails.
- Do not download software from random sources on the internet.
- Keep all software upgraded to the latest patched versions.