Severity
High
Analysis Summary
APT28 (also tracked as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, STRONTIUM, among other names) is a Russian state-backed APT group attributed to Russian military intelligence. Its main targets are government agencies, diplomatic missions, and scientific research institutions in North America, Central Asia, and Europe. APT28 has used the Zebrocy downloader repeatedly in past campaigns. The Zebrocy downloader has been built in several languages, including Delphi, Nim, AutoIt, VB.NET, Visual C++, C#, and Go variants.
Impact
- Malware infection: Zebrocy is a downloader stage, so a successful execution retrieves and runs further payloads on the host.
Indicators of Compromise
MD5
- ff4ed4650fd0e188a952b05d82eee86f
SHA-1
- eaa2008b6cd1de40a12a748c4ee56ba68f5d8f74
SHA-256
- eae62bb4110bcd00e9d1bcaba9000defcda3d1ab832fa2634d928559d066cb15
Remediation
- Block the file hashes above at your respective controls (endpoint protection/EDR, email and web gateways).
- Search endpoints and file shares in your environment for the IOCs above; treat any match as a downloader-stage infection and investigate the host for follow-on payloads.
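The "search for IOCs" step above can be carried out with a small hash sweep. The following script is an added example, not code from Rewterz or from the advisory: it reads every file under a directory once, computes MD5, SHA-1 and SHA-256 in a single pass, and reports any file whose digest matches the advisory's indicators. The `demo()` function builds a temporary directory with a constructed benign file and a constructed stand-in "malicious" file whose SHA-256 is added to the IOC set (an assumption made only so the match path is exercised; the real indicators cannot be reproduced from harmless content).

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators from the advisory (Zebrocy downloader sample).
ADVISORY_IOCS = {
    "md5": {"ff4ed4650fd0e188a952b05d82eee86f"},
    "sha1": {"eaa2008b6cd1de40a12a748c4ee56ba68f5d8f74"},
    "sha256": {"eae62bb4110bcd00e9d1bcaba9000defcda3d1ab832fa2634d928559d066cb15"},
}

CHUNK = 1 << 20  # read files in 1 MiB chunks so large files do not exhaust memory


def hash_file(path):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for a file, reading it only once."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def normalize_iocs(iocs):
    """Lower-case and strip every hash so case or whitespace differences in feeds do not cause misses."""
    return {algo: {h.strip().lower() for h in hashes} for algo, hashes in iocs.items()}


def scan_tree(root, iocs):
    """Walk `root` and return (path, algorithm, hash) for every file whose digest matches an IOC."""
    iocs = normalize_iocs(iocs)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                # Locked, unreadable or vanished files are skipped rather than aborting the sweep.
                continue
            for algo, value in digests.items():
                if value in iocs.get(algo, ()):
                    hits.append((str(path), algo, value))
    return hits


def demo():
    """Constructed demo: one benign file plus a planted file whose SHA-256 is added as an extra IOC."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"quarterly report draft\n")  # constructed, benign content
        planted = Path(tmp) / "sub" / "update.exe"
        planted.parent.mkdir()
        planted.write_bytes(b"CONSTRUCTED SAMPLE, not real malware\n")  # constructed stand-in
        # Assumption: the planted file's own SHA-256 stands in for a real indicator
        # so that the match path is exercised offline.
        iocs = {k: set(v) for k, v in ADVISORY_IOCS.items()}
        iocs["sha256"].add(hashlib.sha256(planted.read_bytes()).hexdigest())
        hits = scan_tree(tmp, iocs)
        return [(Path(p).name, algo) for p, algo, _ in hits]


if __name__ == "__main__":
    print(demo())  # [('update.exe', 'sha256')]
```

Point `scan_tree()` at user-writable locations first (profile directories, temp folders, download paths), since that is where a downloader stage is most likely to land; a single hit on any of the three digests is sufficient to escalate, and the three-way match reduces the chance that a truncated or mis-cased feed entry causes a miss.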