July 8, 2021
Severity
High
Analysis Summary
The Lazarus group (also known as Guardians of Peace), a state-sponsored North Korean threat actor that targets financial organizations for monetary gain, is active again. The current campaign targets organizations through phishing emails that deliver malicious Word documents; once the document is downloaded and opened with macros enabled, the macro executes the payload. The lure filenames listed below show the documents being delivered inside ZIP archives alongside a shortcut file disguised as a text file. Previous campaigns were crafted specifically against Russian organizations; this campaign has shifted its focus to the Asia-Pacific region.
Impact
- Credential theft
- Exposure of sensitive data
- Information theft and Espionage
Indicators of Compromise
Filename
- New Development Guidelines[.]zip
- Password[.]txt[.]lnk
- Security Bugs in rigs[.]zip
MD5
- d3a988a9750cb6582310c806fa32d4f1
- 805949896d8609412732ee7bfb44900a
- f5b14052e15aea78d2da695276f585c8
SHA-256
- c0eca31fa12a7785f5d296dcd9816075ba14f7cfb556999302c55b491014a89f
- 6c59f168e7e070fb4ef32a59aa493da141d1f93ed7ba36396f148212060f14f8
- a12421659b75446687dc3e39e2d57073cf5a7d727a0a713d93b7fdfea97e5a06
SHA-1
- b84b8bae60f2dbae6f6ce1edd83b24925251859b
- 4cd9d0e58b11f7b18735918db6c00a7f14d8bae6
- 65ebe030d75cf579dc5a20f9c60e58e6012e0a06
Remediation
- Block the indicators above at your email, web, and endpoint controls.
- Search for the filenames and hashes above across endpoints, mail gateways, and proxy logs.
- Treat emails from unknown senders with suspicion, and do not open attachments or click links in them.
- Do not enable macros in documents received by email; the campaign relies on the recipient doing so.
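As an added example that is not part of the Rewterz advisory or its tooling, the following Python script performs the IOC search recommended above: it restores the defanged indicators, hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass, and reports files whose name or digest matches. Two caveats worth building in: filename matching is case-insensitive because NTFS is, and Windows Explorer never displays the `.lnk` extension of a shortcut, so `Password[.]txt[.]lnk` appears to the victim as `Password.txt`; match on the real filename on disk, not the displayed one. The directory and sample files used when running it are assumptions supplied by the operator.

```python
"""IOC sweep for the Lazarus phishing campaign indicators listed above.

Added example (not Rewterz tooling): walks a directory, hashes every file with
MD5, SHA-1 and SHA-256, and reports files whose name or digest matches the
advisory's indicators. The defanged "[.]" notation is restored before matching.
"""
import hashlib
from pathlib import Path

# Indicators copied from the advisory, still in defanged form.
DEFANGED_FILENAMES = [
    "New Development Guidelines[.]zip",
    "Password[.]txt[.]lnk",
    "Security Bugs in rigs[.]zip",
]
IOC_HASHES = {
    "md5": {
        "d3a988a9750cb6582310c806fa32d4f1",
        "805949896d8609412732ee7bfb44900a",
        "f5b14052e15aea78d2da695276f585c8",
    },
    "sha1": {
        "b84b8bae60f2dbae6f6ce1edd83b24925251859b",
        "4cd9d0e58b11f7b18735918db6c00a7f14d8bae6",
        "65ebe030d75cf579dc5a20f9c60e58e6012e0a06",
    },
    "sha256": {
        "c0eca31fa12a7785f5d296dcd9816075ba14f7cfb556999302c55b491014a89f",
        "6c59f168e7e070fb4ef32a59aa493da141d1f93ed7ba36396f148212060f14f8",
        "a12421659b75446687dc3e39e2d57073cf5a7d727a0a713d93b7fdfea97e5a06",
    },
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("Password[.]txt[.]lnk") back into the real string."""
    return indicator.replace("[.]", ".")


IOC_FILENAMES = {refang(name) for name in DEFANGED_FILENAMES}


def hash_file(path: Path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass over its bytes."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in digests.items()}


def scan(root, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Return [(path, [reasons])] for every file under root that matches an IOC.

    Filename matches are case-insensitive because NTFS is. A hit on a shortcut
    such as Password.txt.lnk matters even though Explorer shows it as
    Password.txt: shortcut extensions are always hidden from the user.
    """
    wanted = {name.lower() for name in filenames}
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if path.name.lower() in wanted:
            reasons.append("filename")
        for algo, digest in hash_file(path).items():
            if digest in hashes.get(algo, ()):
                reasons.append(algo)
        if reasons:
            hits.append((str(path), reasons))
    return hits


if __name__ == "__main__":
    import sys

    # Usage: python ioc_sweep.py /path/to/scan   (directory is an assumption)
    for path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matched {', '.join(reasons)}")
```

Hash matching only catches the exact samples listed; a recompiled dropper or a re-zipped lure will have new digests, so the filename check and the user-facing remediation above remain necessary alongside it.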