Severity
High
Analysis Summary
The APT group known as StrongPity (also tracked as Promethium) is back with a new campaign targeting users in different regions. The group has previously targeted the financial, industrial and educational sectors for data exfiltration, searching victims' machines for any file or document of interest. Its earliest known attack activity can be traced back to 2012. The group mainly targets Italy, Turkey, Belgium, Syria, Europe and other regions and countries.
Impact
- Data exfiltration
- Exposure of sensitive data
Indicators of Compromise
Domain Name
- applicationrepo[.]com
MD5
- 60e9f401ea30605d57cdc821533d9675
SHA-256
- 995d1cd140d2b0ea133d057ca846435fc61d8ed7cee8b3240d8f0e428d3137a9
SHA-1
- 91b67ecaf9beef5d6e15e3dc2f4e0725d17ccbd2
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
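The following script is an added example (not part of the Rewterz advisory) of how the "search for IOCs" step can be carried out: it refangs the defanged domain, matches it against queried names in DNS logs (including subdomains and trailing-dot FQDNs, while rejecting look-alike names such as notapplicationrepo.com), and checks file digests against the published MD5, SHA-1 and SHA-256 values. The log format (timestamp, client IP, the word "query", queried name) and the log lines themselves are constructed for the example; adapt the parser to your resolver's actual format.

```python
"""Sweep DNS log lines and file digests for the StrongPity IoCs in the advisory."""
import hashlib

# Indicators exactly as listed in the advisory. The domain is kept defanged
# here and refanged only when it is turned into a match set.
IOC_DOMAINS_DEFANGED = ["applicationrepo[.]com"]
IOC_HASHES = {
    "md5": {"60e9f401ea30605d57cdc821533d9675"},
    "sha1": {"91b67ecaf9beef5d6e15e3dc2f4e0725d17ccbd2"},
    "sha256": {"995d1cd140d2b0ea133d057ca846435fc61d8ed7cee8b3240d8f0e428d3137a9"},
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', 'hxxp') back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def domain_matches(name: str) -> bool:
    """True if name equals an IoC domain or is a subdomain of one.

    Requiring the '.' separator avoids false positives on names that merely
    end with the same characters (e.g. notapplicationrepo.com).
    """
    name = name.lower().rstrip(".")  # normalise FQDN trailing dot
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


# Constructed sample log (assumed format: timestamp client "query" name).
SAMPLE_DNS_LOG = """\
2021-01-20T09:12:01Z 10.0.0.15 query www.example.com
2021-01-20T09:12:07Z 10.0.0.22 query cdn.applicationrepo.com
2021-01-20T09:12:09Z 10.0.0.22 query applicationrepo.com.
2021-01-20T09:12:15Z 10.0.0.31 query notapplicationrepo.com
"""


def sweep_dns_log(text: str):
    """Return (line_number, client_ip, queried_name) for every IoC hit."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue  # skip lines that are not in the assumed query format
        if domain_matches(parts[3]):
            hits.append((n, parts[1], parts[3]))
    return hits


def digests(data: bytes) -> dict:
    """Compute all three digests the advisory lists, so any one of them can match."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_matches(d: dict) -> set:
    """Return the set of algorithms on which d agrees with an advisory hash."""
    return {alg for alg, known in IOC_HASHES.items() if d.get(alg, "").lower() in known}


if __name__ == "__main__":
    for hit in sweep_dns_log(SAMPLE_DNS_LOG):
        print("DNS hit:", hit)
    # A constructed benign file naturally matches none of the published hashes.
    print("benign file matches:", hash_matches(digests(b"constructed benign content")))
```

Comparing hashes case-insensitively matters because sources publish them in mixed case; any single algorithm match is enough to flag a file, so compute all three rather than relying on MD5 alone.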