Rewterz Threat Alert – Lazarus APT Group – Active IOCs
December 1, 2021Rewterz Threat Advisory – CVE-2021-41449 – NETGEAR products Vulnerability
December 2, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
December 1, 2021Rewterz Threat Advisory – CVE-2021-41449 – NETGEAR products Vulnerability
December 2, 2021Severity
High
Analysis Summary
The SideWinder Advanced Persistent Threat (APT) group has used recent territory disputes between China, India, Nepal, and Pakistan as lures. The goal is to gather sensitive information from its targets, mainly located in Nepal and Afghanistan. The targets here include multiple government and military units for countries in the region researchers said, including the Nepali Ministries of Defense and Foreign Affairs, the Nepali Army, the Afghanistan National Security Council, the Sri Lankan Ministry of Defense, the Presidential Palace in Afghanistan, and more.
Impact
- Information theft and espionage
- Data exfiltration
Indicators of Compromise
Filename
- SPAM_FILTER_SETTINGS[.]docx
MD5
- e096b33467e6018944c05fb6e4bb03a0
SHA-256
- 38853bf262979313483310502d14a78db147586880d34571edf4d90e4bf05eb1
SHA-1
- 3999e82deaefe0325d538c7fea856236bdd455a9
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.