Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 14, 2023
Severity High Analysis Summary Kimsuky is a North Korean advanced persistent threat (APT) group, also known as “Black Banshee”. The group has been active since at […]September 14, 2023Severity High Analysis Summary CVE-2023-4213 CVSS:8.8 Simplr Registration Form Plus+ plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by an […]September 14, 2023Severity High Analysis Summary CVE-2023-41032 CVSS:7.8 Siemens Parasolid could allow a remote attacker to execute arbitrary code on the system, caused by an out of bounds […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 14, 2023Severity High Analysis Summary Kimsuky is a North Korean advanced persistent threat (APT) group, also known as “Black Banshee”. The group has been active since at […]September 14, 2023Severity High Analysis Summary CVE-2023-4213 CVSS:8.8 Simplr Registration Form Plus+ plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by an […]September 14, 2023Severity High Analysis Summary CVE-2023-41032 CVSS:7.8 Siemens Parasolid could allow a remote attacker to execute arbitrary code on the system, caused by an out of bounds […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Lazarus (aka Hidden Cobra) APT Group – Active IOCs
July 4, 2023Rewterz Threat Advisory – CVE-2023-3460 – WordPress Ultimate Member Plugin Zero-Day Vulnerability Exploiting in the Wild
July 4, 2023
Severity
High
Analysis Summary
In early June, Microsoft experienced significant service outages, affecting Outlook email, OneDrive file-sharing apps, and the Azure cloud computing infrastructure. The responsibility for these DDoS attacks was claimed by a group known as Anonymous Sudan, also referred to as Storm-1359. Anonymous Sudan, which has been active since January 2023, claims to target countries opposing Sudan, although some researchers believe it is a sub-group of the pro-Russian threat group Killnet.
The threat actors behind the attacks utilized multiple virtual private servers (VPS), rented cloud infrastructure, open proxies, and DDoS tools. Initially, Microsoft did not provide specific details about the outages but later confirmed the DDoS attacks in a report titled “Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks.” The report acknowledged the surges in traffic that impacted availability and mentioned the ongoing tracking of DDoS activity by the threat actor known as Storm-1359.
“Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability. Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359.” published by the company.
Microsoft stated that they have not found any evidence indicating that customer data has been accessed or compromised during the attacks. However, Anonymous Sudan made an announcement claiming to have stolen credentials for 30 million Microsoft customer accounts. They published a message on their Telegram channel, declaring a successful hack of Microsoft and offering a large database containing the alleged stolen data for sale at a price of $50,000.
“We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, email and password. Price for full database : 50,000 USD”, on their telegram group.
Anonymous Sudan provided a sample of the purportedly stolen data to support their claim. As of now, Microsoft has not publicly commented on the alleged data breach.
Researchers contacted Microsoft to seek a comment regarding the validity of the claims made by Anonymous Sudan. In response, a spokesperson from Microsoft firmly denied any data breach allegations. The company representative stated that their analysis of the data showed that the claims were not legitimate and that it appeared to be an aggregation of data. They further emphasized that there was no evidence to suggest that customer data had been accessed or compromised.
While Microsoft has refuted the data breach claims, the situation is still ongoing, and it is unclear whether Microsoft’s investigation into the matter is complete or ongoing. Additionally, the company’s response to the potential public release of the data remains to be seen.
Impact
- Service Disruptions
- Operational Outage
- Information Theft