Rewterz Threat Alert – Latest Covid-19 Malicious URLs
June 17, 2020
Rewterz Threat Advisory – Multiple Security Vulnerabilities In Cisco Products
June 18, 2020
Severity
High
Analysis Summary
A recent phishing campaign has emerged targeting Pakistan government organizations. It impersonates the Federal Investigation Agency (FIA) and delivers a lure that discusses the Pakistan-China National Network Security Incident Contingency Plan. The malicious document, named National_Network_Security.docx, exploits CVE-2017-0261, a remote code execution vulnerability in Microsoft Office, and drops a JLI backdoor. This ongoing phishing campaign is a continuation of recent cyber attacks conducted by the suspected Indian APT group APT-C-35. The timing of these attacks is critical because of the ongoing tensions between India and China and their neighboring countries. While the subcontinent region remains active due to its security conditions, countries are now more focused on sabotaging and disrupting processes by gaining an advantage over their opponents on the cyber front.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- National_Network_Security[.]docx
IP
- 185[.]29[.]10[.]117
MD5
- 9a3c9a9c904fbae3a020be4799cd781c
SHA-256
- 22960057a38990ed2b0d79b2554c6364f15ea74a8cf1ab257f01e4f39b9851ea
SHA1
- bbf57e00eaf13cecbab7fa23ebcf13c45833f866
Remediation
- Block all threat indicators at your respective controls.
- Install the patch for security vulnerability CVE-2017-0261 by visiting https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
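Alongside blocking the indicators, existing logs can be swept for them to find hosts that already touched the lure. The Python sketch below is an added example, not Rewterz code: it refangs and classifies the indicators listed in this advisory and matches them as whole tokens. The sample log lines and their formats are constructed assumptions.

```python
import ipaddress
import re

# Defanged indicators exactly as listed in this advisory.
ADVISORY_IOCS = """
National_Network_Security[.]docx
185[.]29[.]10[.]117
9a3c9a9c904fbae3a020be4799cd781c
22960057a38990ed2b0d79b2554c6364f15ea74a8cf1ab257f01e4f39b9851ea
bbf57e00eaf13cecbab7fa23ebcf13c45833f866
"""
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_iocs(text):
    """Refang each indicator and classify it as ip, hash type or filename."""
    iocs = {}
    for raw in text.split():
        value = raw.replace("[.]", ".").lower()
        if re.fullmatch(r"[0-9a-f]+", value) and len(value) in HASH_TYPES:
            kind = HASH_TYPES[len(value)]
        else:
            try:
                ipaddress.ip_address(value)
                kind = "ip"
            except ValueError:
                kind = "filename"
        iocs[value] = kind
    return iocs

def sweep(lines, iocs):
    """Return (line_number, kind, indicator) for every whole-token match."""
    # Boundaries stop 185.29.10.117 from matching inside 185.29.10.1170.
    patterns = {v: re.compile(r"(?<![\w.])" + re.escape(v) + r"(?!\w)") for v in iocs}
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()  # hashes and filenames are compared case-insensitively
        hits += [(n, iocs[v], v) for v, p in patterns.items() if p.search(low)]
    return hits

# Constructed sample log lines (not real telemetry); field layouts are assumptions.
SAMPLE_LOGS = [
    "2020-06-18T09:12:01Z proxy CONNECT 185.29.10.117:443 user=alice",
    "2020-06-18T09:12:05Z inventory asset-tag 185.29.10.1170 user=bob",
    'mailgw from=unknown@example.test attachment="National_Network_Security.docx"',
    "edr file_write sha256=22960057A38990ED2B0D79B2554C6364F15EA74A8CF1AB257F01E4F39B9851EA",
    "2020-06-18T09:13:00Z proxy GET 192.0.2.10 user=carol",
]
```

Calling `sweep(SAMPLE_LOGS, parse_iocs(ADVISORY_IOCS))` flags lines 1, 3 and 4 and skips the near-miss on line 2.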