August 6, 2024
Severity
High
Analysis Summary
Emissary Panda - aka APT27, BRONZE UNION, Iron Tiger, LuckyMouse, TG-3390, and Threat Group-3390 - has been active for more than a decade and remains a powerful adversary.
This Chinese cyber-espionage group targets organizations in the government, defense, aerospace, technology, manufacturing, and energy sectors. The group has carried out cyber-espionage campaigns against organizations in Turkey and the Middle East. It deploys malware such as China Chopper, Gh0st, HyperBro, and ZxShell to compromise targeted networks.
APT27 has been using Zoho and Microsoft Exchange vulnerabilities to attack German companies. The exploited vulnerabilities include:
- CVE-2021-40539 – Zoho ManageEngine ADSelfService Plus
- CVE-2021-26855 – Microsoft Exchange
- CVE-2021-26857 – Microsoft Exchange
- CVE-2021-26858 – Microsoft Exchange
- CVE-2021-27065 – Microsoft Exchange
Recently, the threat actors misused a code-signing certificate issued by VMPsoft, the company that makes the VMProtect packer. According to researchers, the signed file is a loader for the SysUpdate backdoor.
Impact
- Information Theft and Espionage
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) in your environment using your security controls.
- Do not download documents attached to emails from unknown sources.
- Do not enable macros for untrusted files.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.