News – August 2023

  • The Road Map To Sino-US Cyber Cooperation Requires Both Nations To Look In The Mirror

    August 11, 2023

    The United States often poses itself as a champion of international cybersecurity despite its extensive record of transgressions in the realm of cyber-attacks and surveillance, according to which some would even proclaim the nation a global adversary. Concurrently, China’s involvement in intentional cyber-attacks targeting vital American infrastructure and cyberspace remains increasingly prominent. Read more… Source: Forbes  

  • Unknown actor targets power generator with DroxiDat and Cobalt Strike

    August 10, 2023

    Recently Kaspersky pushed a report about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, they found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in ...

  • Attacker combines phone, email lures into believable, complex attack chain

    August 10, 2023

      In the course of performing a postmortem investigation of an infected computer, Sophos X-Ops discovered that the attack began with an innocent-sounding phone call. The caller prompted an employee of a Switzerland-based organization to initiate a complex attack chain that compromised the employee’s computer. Sophos Incident Response analysts found that the attackers may have targeted the ...

  • JanelaRAT: Repurposed BX Rat Variant Targeting LATAM FinTech

    August 10, 2023

    In June of 2023, researchers at Zscaler ThreatLabz discovered a threat actor targeting FinTech users in the LATAM region. JanelaRAT involves several tactics, techniques, and procedures (TTPs) such as DLL side-loading, dynamic C2 infrastructure, and a multi-stage attack. The final malware involved in this campaign is a heavily modified variant of BX RAT. Because of this, ...

  • Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

    August 10, 2023

    Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs). Exploitation of the discovered vulnerabilities, which affect all versions of CODESYS V3 prior to version, could put operational technology (OT) infrastructure at risk ...

  • CISA Releases Twelve Industrial Control Systems Advisories

    August 10, 2023

    CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • The 10th Annual Cyber Senate Control Systems Cybersecurity UK EU conference is coming to London on the 7th and 8th November.

    August 10, 2023

    The 10th Annual Cyber Senate Control Systems Cybersecurity UK EU conference is coming to London on the 7th and 8th November. Our aim is to provide the energy, manufacturing, transport, power and industrial sectors with the opportunity to learn from their peers and together, define their priorities, close the gap of disconnect between people and ...

  • Common TTPs of attacks against industrial organizations

    August 10, 2023

    In 2022 Kaspersky investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and previously researched campaigns (e.g., ExCone, DexCone), including the use of FourteenHi variants, specific TTPs ...

  • Germany says Charming Kitten hackers target Iran dissidents

    August 10, 2023

    Germany’s Federal Office for the Protection of the Constitution (BfV) on Thursday warned critics of the Iranian leadership living in Germany that they might be targeted by hackers. The agency said the Charming Kitten online espionage group works by building trust with victims to the extent that they expose data on themselves, and any online ...

  • An overview of the new Rhysida ransomware targeting the Healthcare sector

    August 9, 2023

    On August 4, 2023, the HHS’ Health Sector Cybersecurity Coordination Center (HC3) released a security alert about a relatively new ransomware called Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been active since May 2023. In this blog entry, Trend Micro reaseachers will provide details on Rhysida, including its targets and what they know about its infection ...