Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple Jenkins Products Vulnerabilities
March 9, 2023
Rewterz recognized as “Outstanding in SMB Support” in 2023 KuppingerCole Market Compass Report for SOCaaS for the UAE
March 10, 2023
Severity
High
Analysis Summary
Lazarus APT is a notorious advanced persistent threat (APT) group associated with North Korea, operating since at least 2009. The threat actors are suspected of being behind a number of diverse efforts, including cyber espionage, and attacks on financial institutions, government agencies, and the military. They are known for conducting financially motivated attacks against various targets, including banks, cryptocurrency exchanges, and other financial institutions. The recent campaign involves a file name “OKX Binance & Huobi VIP fee comparision.xls,” which appears to be a malicious document designed to infect victims’ computers with malware. It is possible that the Lazarus APT group is using this file as part of a phishing campaign to target individuals associated with cryptocurrency exchanges like OKX, Binance, and Huobi.
The Lazarus Group is a highly sophisticated and well-funded organization and is considered to be one of the most significant threats to organizations and individuals in the cyber security landscape. To protect against Lazarus APT and similar threats, it is important to regularly update software and security patches, implement multi-factor authentication, be cautious when opening emails and attachments, and regularly back up important data.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 5a7ecacfc3db5ab0004ecedc391cadcc
- 0401e38f025f29091aa450d8e3afdec0
SHA-256
- aa52d507b0a943cef3ee5dc8bb19040c38b9269400ee41ca28008577f521ebfd
- d4244b5c3cf4a32ace9e59bb71d64ac0011cbdb0e7426ede96265d0615d1d7e7
SHA-1
- 5387719a52d3b00bd621db417e3ed36a20f5fa3
- dcf792870de12b66bcd658c495dfd31cc6db6f04
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets