Rewterz Threat Advisory – Multiple Apache Airflow Hive Provider and Apache Airflow Vulnerability
November 24, 2022Rewterz Threat Advisory – CVE-2022-27497 – Intel AMT Vulnerability
November 24, 2022Severity
High
Analysis Summary
A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is well-known for carrying out sophisticated attacks on a variety of private companies, journalists, foreign governments, and activists, with a major focus on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims.
APT32 uses a unique suite of fully-featured malware in combination with commercially available tools to undertake targeted operations that are congruent with Vietnamese state interests. The APT32 attack includes irrelevant code to deceive security tools and go undetected. Threat actors behind this group appear to be well-resourced and supported since they employ a diverse collection of domains and IP addresses as command and control infrastructure.
Impact
- Espionage and Intellectual Theft
- Extrusion of Data
Indicators of Compromise
MD5
641b7ab0d42d283f5b34de84cdcdcdc6
d3e3d4a0e23ceabf53e7b7c01abaa755
SHA-256
d9dd5aac88bab13198a52bfb3d458f929e7daf963966284e57260aeba8d23b8a
14582706fb6c4990dbc72256a3ff5d3a7e1b0a9982aed4b11cd2f927df530c45
SHA-1
f496c193b1fcb9303e7df5c5bf4dccb2a6896ce9
5ee1de4f9ac6ead8e0fcbf16bb1a0d497cb5adf8
Remediation
- Block all threat indicators at your respective controls
- Search for IOCs in your environment.
- Emails from unknown senders should always be treated with caution.
- Never open links or attachments from unknown senders.