Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
Severity Medium Analysis Summary CVE-2023-30440 IBM PowerVM Hypervisor could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to […]
Severity High Analysis Summary CVE-2023-33246 Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the […]
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
Severity Medium Analysis Summary CVE-2023-30440 IBM PowerVM Hypervisor could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to […]
Severity High Analysis Summary CVE-2023-33246 Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the […]
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz Threat Alert – An Unknown APT Group Targeting Russian Government Entities – Russian-Ukrainian Cyber Warfare – Active IOCs
Severity
Medium
Analysis Summary
Since the beginning of the Russian invasion of Ukraine, researchers have identified an undisclosed Advanced Persistent Threat (APT) group that is targeting Russian government organizations with at least four different spear-phishing campaigns. The threat actors intended to install a Remote Access Trojan (RAT) to take complete control of the affected PCs.
The first campaign involved attackers disseminating bespoke malware (named interactive_map_UA.exe) disguised as an interactive map of Ukraine.
In the second camapign the threat actor packed its custom malware in a tar archive entitled Patch_Log4j.tar.gz and disguised the malicious code as an update for the Log4j vulnerability. The staff of RT TV were the primary target of this campaign (which started in March).
In the third campaign, the Rostec defence conglomerate makes an appearance. The threat actor utilized the file name build_rosteh4.exe for its malware, ostensibly to make it appear like Rostec software.
The fourth campaign, which began in mid-April, employed a Word document with a phoney job advertisement for a “Strategy and Growth Analyst” position at Saudi Aramco, the Saudi Arabian public petroleum and natural gas company.
According to experts, these attacks might be done by Chinese-linked APT group.
The APT responsible for these activities is still being identified, however based on the infrastructure employed, with low confidence it is suspected that the group is a Chinese linked APT group. This is because all of the C2s are from BL Networks, which has previously been utilised by Chinese APTs. In addition, they detected infrastructure overlap between our malware and the Sakula Rat malware utilized by the Deep Panda APT.