Severity
High
Analysis Summary
Kimsuky is believed to be a North Korea-based threat group that has been operating since the latter half of 2013, with many campaigns attributed to it. The group is also known by other names, including Velvet Chollima and Black Banshee. In this campaign the group sends a fake Microsoft page as an attachment and lures users into opening the document and enabling macros, which are then used for information theft and espionage.
Impact
Information theft and espionage
Indicators of Compromise
Filename
- Business report[.]docx
MD5
- 21b72a6ed58db07a7f7c16372c3422e2
SHA-256
- e46887db62f3ee5583587531358e1b70cc8a171067fa4e1ae3e6693f7f9fc938
SHA1
- 9b6d96909a1ee359ec9b15e0e217fcf07a5d1ee0
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
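The sweep below is an added example for the second remediation step, not Rewterz tooling: it walks a directory tree and flags any file whose MD5, SHA1 or SHA-256 matches the indicators above, or whose name matches the lure filename (re-fanged from "Business report[.]docx"). The hash and name checks are independent, so a renamed copy still hits on hash and a same-named benign file only hits on name.

```python
"""Sweep a directory tree for the Kimsuky lure document from this advisory,
matching on the published file hashes and lure filename. Added example,
not Rewterz tooling; only the indicator values come from the advisory."""
import hashlib
import os

# Indicators as published (filename re-fanged from "Business report[.]docx").
IOC_HASHES = {
    "md5": {"21b72a6ed58db07a7f7c16372c3422e2"},
    "sha1": {"9b6d96909a1ee359ec9b15e0e217fcf07a5d1ee0"},
    "sha256": {"e46887db62f3ee5583587531358e1b70cc8a171067fa4e1ae3e6693f7f9fc938"},
}
IOC_FILENAMES = {"business report.docx"}


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests, streamed so large files are safe."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def match_file(path, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Return the indicator types this file matches (empty list if clean).
    Name and hashes are checked independently so a renamed lure still hits."""
    hits = []
    if os.path.basename(path).lower() in filenames:
        hits.append("filename")
    for algo, value in hash_file(path).items():
        if value in hashes.get(algo, ()):
            hits.append(algo)
    return hits


def sweep(root, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Walk `root` and return {path: [matched indicators]} for every hit."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                hits = match_file(full, hashes, filenames)
            except OSError:
                continue  # unreadable file; a production sweep should log this
            if hits:
                findings[full] = hits
    return findings
```

Run `sweep("/path/to/mail/attachments")` against a quarantine or user-download share; any returned path should be isolated and the originating mailbox reviewed for the lure e-mail.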