Rewterz Threat Alert – Confucius APT Targeting Pakistan
November 19, 2020
Severity
High
Analysis Summary
The Iranian cyber criminal group MuddyWater has resurfaced. The group has primarily targeted Middle Eastern, European and North American nations, and the industries under target include telecommunications, government (IT services), and the oil sector. Most MuddyWater campaigns rely on socially engineering victims into enabling macros in order to infect the targeted workstation. Once macros are enabled, the actor-written macro code attempts to fetch a trojan hosted on an adversary-controlled command and control node.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
MD5
- a2707bfb35c9fed11d81949873d3a00a
SHA-256
- 4e8a2b592ed90ed13eb604ea2c29bfb3fbc771c799b3615ac84267b85dd26d1c
SHA-1
- d450b0efac0c3bb84e22270c8d76cc02f000bdcb
Remediation
- Block all threat indicators at your respective controls.
- Never click on links/attachments sent by unknown senders.
- Always be suspicious about emails sent by unknown senders.
- Do not enable macros for untrusted files.
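The first remediation step, blocking the published indicators, is most useful when it can be checked quickly against files already on a workstation. The following Python script is an added example and is not Rewterz's own tooling: it hashes files with MD5, SHA-1 and SHA-256 and reports any digest that appears in the alert's IoC list. The IoC values are copied from the alert above; the file paths passed on the command line and the sample bytes used in the test are constructed for illustration.

```python
import hashlib
import io
import sys

# Indicators as published in the alert: one sample, three digests.
IOC_HASHES = {
    "md5": {"a2707bfb35c9fed11d81949873d3a00a"},
    "sha1": {"d450b0efac0c3bb84e22270c8d76cc02f000bdcb"},
    "sha256": {"4e8a2b592ed90ed13eb604ea2c29bfb3fbc771c799b3615ac84267b85dd26d1c"},
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_stream(fh, chunk_size=1 << 20) -> dict:
    """Hash a binary stream incrementally under all three algorithms.

    Reading in chunks keeps memory flat for large files; every chunk is fed
    to all three hashers so the file is read only once.
    """
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper: digests of an in-memory byte string."""
    return digest_stream(io.BytesIO(data))


def match_digests(digests: dict, iocs=IOC_HASHES) -> list:
    """Return (algorithm, digest) pairs whose digest is in the IoC set.

    Comparison is case-insensitive because published hashes are sometimes
    printed in upper case.
    """
    return [
        (algo, digests[algo])
        for algo in ALGORITHMS
        if digests[algo].lower() in {h.lower() for h in iocs.get(algo, set())}
    ]


def match_iocs(data: bytes, iocs=IOC_HASHES) -> list:
    """Digest a byte string and match it against the IoC set."""
    return match_digests(digest_bytes(data), iocs)


def scan_paths(paths, iocs=IOC_HASHES) -> dict:
    """Hash each file path and report digests and IoC hits keyed by path.

    Unreadable files are recorded with an 'error' entry rather than aborting
    the scan, so one locked file does not hide hits elsewhere.
    """
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                digests = digest_stream(fh)
        except OSError as exc:
            results[path] = {"error": str(exc)}
            continue
        results[path] = {"digests": digests, "hits": match_digests(digests, iocs)}
    return results


if __name__ == "__main__":
    # Usage: python ioc_scan.py <file> [<file> ...]   (paths are the operator's choice)
    report = scan_paths(sys.argv[1:])
    for path, entry in report.items():
        if "error" in entry:
            print(f"{path}: could not read ({entry['error']})")
        elif entry["hits"]:
            print(f"{path}: MATCH {entry['hits']}")
        else:
            print(f"{path}: clean ({entry['digests']['sha256']})")
```

Because the alert gives all three digests of a single sample, any one algorithm is sufficient for a match; computing all three in one pass lets the same scan feed controls that only accept one hash type (for instance an EDR blocklist keyed on SHA-256 and a mail gateway keyed on MD5) without rehashing.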