Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023
Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023
Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023
Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023
Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
July 21, 2023
Rewterz Threat Alert – Donot APT Group – Active IOCs
July 23, 2023
Severity
High
Analysis Summary
APT (Advanced Persistent Threat) Nobelium is a state-sponsored Threat Actor group that has been responsible for a number of cyber attacks in recent years. The group is believed to be linked to the Russian government and has been identified by a number of cybersecurity firms as one of the most sophisticated and dangerous APT groups in operation.
Nobelium was first identified in 2014, but it was not until 2019 that the group gained wider attention after it launched a series of attacks targeting US government agencies and private sector companies. In May 2021, the group was responsible for a major cyber attack on US-based software company SolarWinds, which affected thousands of government and private sector organizations.
The SolarWinds attack involved Nobelium compromising SolarWinds’ software update system, which allowed them to distribute a malicious software update to SolarWinds’ customers. This attack is believed to be one of the largest and most sophisticated cyber attacks ever carried out.
Nobelium is known for using a range of tactics to compromise its targets, including spear phishing campaigns, exploiting vulnerabilities in software, and using social engineering techniques to gain access to sensitive information. The group is highly skilled and has been known to tailor its attacks to specific targets, using advanced techniques to evade detection.
Due to its sophisticated techniques and links to the Russian government, Nobelium is considered a major threat to global cybersecurity. Governments and private sector organizations are advised to take appropriate measures to protect themselves against this group’s activities.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- fc53c75289309ffb7f65a3513e7519eb
- 4f744666d2a2dc95419208c61e42f163
- 0be11b4f34ede748892ea49e473d82db
SHA-256
- 302c0d553c9e7f2561864d79022b780a53ec0a5927e8962d883b88dde249d044
- 4da57027ffe7e32c891334d6834923bc17e4174c53ace4ff69de6410c24d84cb
- ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70
SHA-1
- 7c983eeac2f60abaaf49bc349dfb7079b716d6a3
- 34712624aadd053f43703af860fe90e545bf1f0a
- 15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.