Severity
High
Analysis Summary
Nobelium is a state-sponsored advanced persistent threat (APT) group that has been responsible for a number of cyber attacks in recent years. The group is believed to be linked to the Russian government and has been identified by a number of cybersecurity firms as one of the most sophisticated and dangerous APT groups in operation.
Nobelium was first identified in 2014, but it was not until 2019 that the group gained wider attention after it launched a series of attacks targeting US government agencies and private sector companies. In May 2021, the group was responsible for a major cyber attack on US-based software company SolarWinds, which affected thousands of government and private sector organizations.
The SolarWinds attack involved Nobelium compromising SolarWinds’ software update system, which allowed the group to distribute a malicious software update to SolarWinds’ customers. This attack is believed to be one of the largest and most sophisticated cyber attacks ever carried out.
Nobelium is known for using a range of tactics to compromise its targets, including spear phishing campaigns, exploiting vulnerabilities in software, and using social engineering techniques to gain access to sensitive information. The group is highly skilled and has been known to tailor its attacks to specific targets, using advanced techniques to evade detection.
Due to its sophisticated techniques and links to the Russian government, Nobelium is considered a major threat to global cybersecurity. Governments and private sector organizations are advised to take appropriate measures to protect themselves against this group’s activities.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- fc53c75289309ffb7f65a3513e7519eb
- 4f744666d2a2dc95419208c61e42f163
- 0be11b4f34ede748892ea49e473d82db
SHA-256
- 302c0d553c9e7f2561864d79022b780a53ec0a5927e8962d883b88dde249d044
- 4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
- ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70
SHA-1
- 7c983eeac2f60abaaf49bc349dfb7079b716d6a3
- 34712624aadd053f43703af860fe90e545bf1f0a
- 15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
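A defensive hash sweep for the last remediation step ("Search for IOCs in your environment"), added here as an example and not Rewterz's own code: it hashes every file under a directory once and reports any file whose MD5, SHA-1 or SHA-256 digest matches an indicator listed above. The sample file written by demo() is constructed and benign.

```python
"""Added example (not Rewterz code): report files whose digest matches an alert IOC."""
import hashlib
import os
import tempfile

# Indicators copied from the alert above, lowercase hex.
IOC_HASHES = {
    "md5": {"fc53c75289309ffb7f65a3513e7519eb",
            "4f744666d2a2dc95419208c61e42f163",
            "0be11b4f34ede748892ea49e473d82db"},
    "sha1": {"7c983eeac2f60abaaf49bc349dfb7079b716d6a3",
             "34712624aadd053f43703af860fe90e545bf1f0a",
             "15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6"},
    "sha256": {"302c0d553c9e7f2561864d79022b780a53ec0a5927e8962d883b88dde249d044",
               "4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb",
               "ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70"},
}

def digests(path, chunk=1 << 20):
    """Compute all three digests in a single pass so each file is read only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan_tree(root, iocs=IOC_HASHES):
    """Return [(path, algorithm, digest)] for every file under root matching an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                d = digests(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the scan
            hits.extend((path, algo, v) for algo, v in d.items() if v in iocs[algo])
    return hits

def demo():
    """Self-check on a constructed benign file: no match against the alert's hashes,
    one match against an IOC set built from the file's own SHA-256."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"constructed sample content, not malware\n")
        own = {algo: set() for algo in IOC_HASHES}
        own["sha256"].add(digests(sample)["sha256"])
        return scan_tree(tmp), [algo for _, algo, _ in scan_tree(tmp, own)]
```

Run scan_tree() against a mounted disk image or a suspect host's user-writable directories; any non-empty result is a confirmed indicator match, not a heuristic.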