March 6, 2023
Severity
High
Analysis Summary
Nobelium is a state-sponsored advanced persistent threat (APT) group that has been responsible for a number of cyber attacks in recent years. The group is believed to be linked to the Russian government and has been identified by several cybersecurity firms as one of the most sophisticated and dangerous APT groups in operation.
Nobelium was first identified in 2014, but it was not until 2019 that the group gained wider attention, after it launched a series of attacks targeting US government agencies and private-sector companies. In May 2021, the group was responsible for a major cyber attack on the US-based software company SolarWinds, which affected thousands of government and private-sector organizations.
In the SolarWinds attack, Nobelium compromised SolarWinds’ software update system, which allowed it to distribute a malicious software update to SolarWinds’ customers. This is believed to be one of the largest and most sophisticated cyber attacks ever carried out.
Nobelium uses a range of tactics to compromise its targets, including spear-phishing campaigns, exploitation of software vulnerabilities, and social engineering to gain access to sensitive information. The group is highly skilled and is known to tailor its attacks to specific targets, using advanced techniques to evade detection.
Because of its sophisticated techniques and its links to the Russian government, Nobelium is considered a major threat to global cybersecurity. Governments and private-sector organizations are advised to take appropriate measures to protect themselves against this group’s activities.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 67a6774fbc01eb838db364d4aa946a98
SHA-256
- 21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354
SHA-1
- 2a0478a22d27f7af98786e873b6c85c4ae2e3b2e
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
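As an added example (not part of the Rewterz alert), the following Python script performs the "search for IOCs" step: it hashes every file under a directory once with MD5, SHA-1 and SHA-256 and reports any digest that appears in the indicator list above. The scan path and the sample bytes used below are assumptions.

```python
import hashlib
import io
import os
import sys
from typing import BinaryIO, Dict, Iterable, List, Tuple

# File-hash indicators exactly as listed in the alert above (MD5, SHA-1, SHA-256).
NOBELIUM_IOCS = {
    "67a6774fbc01eb838db364d4aa946a98",
    "2a0478a22d27f7af98786e873b6c85c4ae2e3b2e",
    "21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354",
}

def digest_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash one stream with MD5, SHA-1 and SHA-256 in a single read pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def digests_of_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used for constructed test input)."""
    return digest_stream(io.BytesIO(data))

def match_iocs(digests: Dict[str, str], iocs: Iterable[str] = NOBELIUM_IOCS) -> List[Tuple[str, str]]:
    """Return (algorithm, hex digest) pairs whose value appears in the IOC set."""
    wanted = {i.strip().lower() for i in iocs}   # normalise case/whitespace of published IOCs
    return [(algo, val) for algo, val in digests.items() if val in wanted]

def sweep(root: str, iocs: Iterable[str] = NOBELIUM_IOCS) -> List[Tuple[str, str, str]]:
    """Walk `root` and report (path, algorithm, digest) for every IOC hit."""
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):          # hash real files only, not link targets twice
                continue
            try:
                with open(path, "rb") as fh:
                    digests = digest_stream(fh)
            except OSError:                   # unreadable or vanished file: skip, keep going
                continue
            hits.extend((path, algo, val) for algo, val in match_iocs(digests, iocs))
    return hits

if __name__ == "__main__":
    # Usage: python ioc_sweep.py /path/to/scan   (assumed example invocation)
    for path, algo, val in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC HIT {algo}={val} {path}")
```

A hit on any one algorithm is sufficient to flag a file; matching on all three is not required since each published value identifies the same sample.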