Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
April 6, 2022
Rewterz Threat Alert – APT Group Gamaredon – Active IOCs – Russian-Ukrainian Cyber Warfare
April 6, 2022
Severity
High
Analysis Summary
APT32 (OceanLotus Group), a Vietnam-based threat group, has been active since 2014. It is known for carrying out sophisticated attacks on private companies, journalists, foreign governments, and activists, with a primary concentration on Southeast Asian countries including Vietnam, the Philippines, Laos, and Cambodia. The group has used smart web breaches to compromise victims. APT32 conducts targeted operations that are consistent with Vietnamese state goals, using a unique suite of fully featured malware in combination with commercially accessible tools. APT32 attacks include meaningless code intended to deceive security tools, which allows them to go undetected.
Impact
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
Filename
- To-Do[.]doc
MD5
- 9f791b33cd478b6386fdb49d67c8e833
SHA-256
- 1e3f68e6bee74e8477f9f270068a4d20c89f84b1bc42e517e71c69f1417a5ce5
SHA-1
- 721027c02aeda4b9c59828b0a0cda9779e9ce470
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or open attachments sent by unknown senders.
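One way to carry out the "Search for IOCs in your environment" step on a host or mounted file share, as an added example that is not part of the Rewterz advisory. The function names `sweep` and `file_digests` and the scan root are assumptions; the hashes and filename are the ones listed under Indicators of Compromise.

```python
import hashlib
import os

# IOCs copied from this advisory (the page defangs the name as To-Do[.]doc).
IOC_NAMES = {"to-do.doc"}
IOC_HASHES = {
    "md5": {"9f791b33cd478b6386fdb49d67c8e833"},
    "sha1": {"721027c02aeda4b9c59828b0a0cda9779e9ce470"},
    "sha256": {"1e3f68e6bee74e8477f9f270068a4d20c89f84b1bc42e517e71c69f1417a5ce5"},
}


def file_digests(path, algorithms, chunk_size=1 << 20):
    """Read a file once, in chunks, and hash it with every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root, ioc_hashes=IOC_HASHES, ioc_names=IOC_NAMES):
    """Walk root and return a (path, reason) pair for every IOC match.

    A hash match is high confidence. A name-only match is a lead to triage,
    because the file name is ordinary and trivially changed.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                digests = file_digests(path, ioc_hashes)
            except OSError:
                continue  # unreadable or locked file: keep sweeping
            matched = [alg for alg, d in digests.items() if d in ioc_hashes[alg]]
            if matched:
                hits.append((path, "hash:" + ",".join(sorted(matched))))
            elif name.lower() in ioc_names:
                hits.append((path, "name-only"))
    return hits


if __name__ == "__main__":
    import sys
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

Run it with the directory to scan as the only argument; a sweep with no hits says nothing about memory-resident or renamed and repacked samples, so pair it with the mail-gateway and EDR blocks from the first remediation step.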