Severity
High
Analysis Summary
The Lazarus group, aka Guardians of Peace, a state-sponsored North Korean threat actor that targets financial organizations for financial gain, has become active again and is targeting various organizations via phishing emails that drop malicious Word documents, which enable macros once downloaded and executed. The malicious files suspected of being used as attachments are named Security Bugs in Operation.pdf.lnk and Security Bugs in Operation. zip. Previously these campaigns were crafted specifically to target Russian organizations, but they have now shifted their focus toward the Asia-Pacific region.
Impact
- Exposure of Sensitive Data
- Credential Theft
- Information Theft and Espionage
Indicators of Compromise
Filename
- Security Bugs in Operation. zip
- Security Bugs in Operation.pdf.lnk
MD5
- a224350ce67eea6a8d818b85436c5309
SHA-256
- 5387cce3c7020b29263092dac931f087f1b8c31e4682c968bd4330f5e2735e52
SHA-1
- 17a2e74f2caca5c7c1e78795c92fadac1d387792
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
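As an added example (not part of the Rewterz advisory), the following Python scanner searches a directory for the filenames and hashes listed above and also flags double-extension `.lnk` shortcuts such as the `.pdf.lnk` attachment named in the summary; the sample directory it builds holds harmless placeholder files, not the actual samples.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators as listed in the advisory above.
IOC_FILENAMES = {"Security Bugs in Operation. zip", "Security Bugs in Operation.pdf.lnk"}
IOC_HASHES = {
    "md5": {"a224350ce67eea6a8d818b85436c5309"},
    "sha1": {"17a2e74f2caca5c7c1e78795c92fadac1d387792"},
    "sha256": {"5387cce3c7020b29263092dac931f087f1b8c31e4682c968bd4330f5e2735e52"},
}
DOC_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}

def file_hashes(path: Path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in digests.items()}

def is_double_extension_lnk(name: str) -> bool:
    """Flag shortcuts masquerading as documents, e.g. 'report.pdf.lnk'."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] == "lnk" and parts[1] in DOC_EXTENSIONS

def scan(root: Path, hashes: dict = IOC_HASHES) -> list:
    """Walk a directory; report files matching IoC names, IoC hashes, or the lnk pattern."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        if path.name in IOC_FILENAMES:
            reasons.append("ioc-filename")
        if is_double_extension_lnk(path.name):
            reasons.append("double-extension-lnk")
        digests = file_hashes(path)
        reasons += [f"ioc-{algo}" for algo, value in digests.items() if value in hashes[algo]]
        if reasons:
            findings.append({"path": str(path), "reasons": reasons, **digests})
    return findings

def demo() -> list:
    """Constructed sample directory: harmless placeholder files, not the real malware."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Security Bugs in Operation.pdf.lnk").write_bytes(b"constructed placeholder")
        (root / "quarterly.xlsx.lnk").write_bytes(b"constructed placeholder 2")
        (root / "readme.txt").write_bytes(b"harmless content")
        hashes = {algo: set(values) for algo, values in IOC_HASHES.items()}
        hashes["sha256"].add(file_hashes(root / "readme.txt")["sha256"])  # simulate a hash hit
        return sorted(scan(root, hashes), key=lambda f: f["path"])
```

Point `scan()` at a download or mail-attachment directory to check for the advisory's indicators; the hash sets can be extended with indicators from other sources.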