Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023
Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Kassino Campaign Spreading Agent Tesla via Phishing Emails
August 5, 2019Rewterz Threat Alert – GermanWiper Ransomware Erases Data, Still Asks for Ransom
August 6, 2019
Severity
High
Analysis Summary
Strontium (APT28) has resurfaced again, this time targeting VoIP phones, printers, and video decoders. Attacks have been observed in the wild said the Microsoft Threat Intelligence Center, one of the OS maker’s cyber-security divisions. The hacker group tried to exploit a VOIP phone, an office printer, and a video decoder, Microsoft said.
The investigation uncovered that an actor had used these devices to gain initial access to corporate networks, In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords and in the third instance the latest security update had not been applied to the device.
Microsoft said hackers used the compromised IoT devices as an entry point into their targets’ internal networks, where they’d scan for other vulnerable systems to expand this initial foothold.
“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets,” Microsoft said.
“They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting.
Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren’t able to determine what Strontium was trying to steal from the compromised networks.
Indicators of Compromise
IP(s) / Hostname(s)
- 167[.]114[.]153[.]55
- 94[.]237[.]37[.]28
- 82[.]118[.]242[.]171
- 31[.]220[.]61[.]251
- 128[.]199[.]199[.]187
Remediation
Block threat indicators at your respective controls.