
Middle East Expected to See a Series of Cyber Attacks Disrupting Industrial Processes

May 13, 2019

Severity

High

Analysis Summary


“Russia and Iran are looking to conduct disruptive cyber-attacks on OT [operational technology] targets in the Middle East in a bid to disrupt industrial production,” says FireEye, a major security solutions provider.

Experts predict that the operation will involve the Triton malware, which targets safety systems at industrial plants and destroys physical equipment.

State-sponsored advanced persistent threat (APT) groups such as APT33, APT34, APT35 and APT39 are based in Iran, and their victims span every sector in the Middle East.

Recent indicators of compromise for the Triton malware are given below.

Impact

Disruption of industrial processes

Indicators of Compromise

Malware Hashes (MD5/SHA1/SHA256)


Remediation

  • Block the threat indicators at their respective controls.
  • Keep all industrial equipment up-to-date and patched against all known vulnerabilities.