Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Honkbox Malware – Active IOCs
March 6, 2023Rewterz Threat Alert – Cybersecurity Agency Warns of Fatal Potential of Royal Ransomware – Active IOCs
March 6, 2023
Severity
High
Analysis Summary
APT (Advanced Persistent Threat) Nobelium is a state-sponsored Threat Actor group that has been responsible for a number of cyber attacks in recent years. The group is believed to be linked to the Russian government and has been identified by a number of cybersecurity firms as one of the most sophisticated and dangerous APT groups in operation.
Nobelium was first identified in 2014, but it was not until 2019 that the group gained wider attention after it launched a series of attacks targeting US government agencies and private sector companies. In May 2021, the group was responsible for a major cyber attack on US-based software company SolarWinds, which affected thousands of government and private sector organizations.
The SolarWinds attack involved Nobelium compromising SolarWinds’ software update system, which allowed them to distribute a malicious software update to SolarWinds’ customers. This attack is believed to be one of the largest and most sophisticated cyber attacks ever carried out.
Nobelium is known for using a range of tactics to compromise its targets, including spear phishing campaigns, exploiting vulnerabilities in software, and using social engineering techniques to gain access to sensitive information. The group is highly skilled and has been known to tailor its attacks to specific targets, using advanced techniques to evade detection.
Due to its sophisticated techniques and links to the Russian government, Nobelium is considered a major threat to global cybersecurity. Governments and private sector organizations are advised to take appropriate measures to protect themselves against this group’s activities.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 67a6774fbc01eb838db364d4aa946a98
SHA-256
- 21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354
SHA-1
- 2a0478a22d27f7af98786e873b6c85c4ae2e3b2e
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.