Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023
Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 30, 2023Severity High Analysis Summary Recently, researchers discovered an advanced phishing method called “file archiver in the browser” that exploits .ZIP domains to deceive unsuspecting individuals. This […]May 28, 2023Severity High Analysis Summary An email protection and network security services provider has issued a warning regarding a zero-day vulnerability that has been exploited to compromise […]May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Dark Pink APT Threat Actor Group – Active IOCs
March 1, 2023Rewterz Threat Update – Threat Alert: Pakistan’s Cyberspace Targeted by ISIS-Affiliated Hackers
March 2, 2023
Severity
Medium
Analysis Summary
The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, is a sophisticated threat actor group that has been active since at least 2010 and is one of the longest-known Chinese APT groups. The group has used a variety of malware families, including PlugX/Fast, Winnti/Pasteboy, and Shadowpad, to target a wide range of industries and sectors, including the computer gaming industry, semiconductor, telecoms, materials manufacturing, pharmaceutical, media, and advertising, hospitality, natural resources, fintech, and food sectors.
The recent targeting of two subsidiaries of an Asian conglomerate operating in the materials and composites sector suggests that the group may be attempting to steal intellectual property. Intellectual property theft is a common motivation for cyber espionage groups, as stolen IP can be used to gain a competitive advantage or to sell on the black market.
“Although the group’s technological skill has remained consistent, there has been a frequent refreshing of its toolset, no doubt in an attempt to keep ahead of detection,” says Dick O’Brien, chief intelligence analyst at Symantec Threat Hunter.
To avoid penetration by Blackfly and other APTs aiming at stealing IP, Symantec recommends deploying an overall in-depth protection strategy and implementing multifactor authentication (MFA) throughout the company network. Implement strong security controls, such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) solutions, as well as conducting regular security assessments and employee training.
Impact
- Theft Of Intellectual property (IP).
Indicators of Compromise
MD5
- 9dbf67fd22957a6066d08cb366e7c0c9
- 7cae7510f67d0725d844cc528805780b
- 10e5281f7a8b604061b49cfee6f25506
- 674e960c2829ff3664e1cb3d2ca286b9
- ba69669818ef9ccec174d647a8021a7b
- 98265b67f56076738d9e9219bdcfcbc9
SHA-256
- e1e0b887b68307ed192d393e886d8b982e4a2fd232ee13c2f20cd05f91358596
- 714cef77c92b1d909972580ec7602b0914f30e32c09a5e8cb9cb4d32aa2a2196
- 192ef0dee8df73eec9ee617abe4b0104799f9543a22a41e28d4d44c3ad713284
- 560ea79a96dc4f459e96df379b00b59828639b02bd7a7a9964b06d04cb43a35a
- a3acb9f79647f813671c1a21097a51836b0b95397ebc9cd178bc806e1773c864
- f138d785d494b8ff12d4a57db94958131f61c76d5d2c4d387b343a213b29d18f
SHA-1
- 1275894d8231fe25db56598ddcf869f88df5ad8d
- 9139c89b2b625e2ceee2cbf72aef6c5104707a26
- 082dbca2c3ca5c5410de9951a5c681f0c42235c8
- 7b50d59c1fe8d6536ea8e5091d2710a4e0c03b7e
- b6818d2d5cbd902ce23461f24fc47e24937250e6
- 5c537b4f7b95bf6b0a0820aa13258961757e40c3
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
- Adopt multifactor authentication (MFA) across the enterprise network
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.