APT41 Operation CuckooBees Campaign Continuation Leveraging Spyder Loader
Threat Intelligence

APT41 Operation CuckooBees Campaign Continuation Leveraging Spyder Loader

Posted on October 19, 2022

By Lee Clark, Cyber Threat Intelligence Analyst & Writer

Context On October 18, 2022, Symentec researchers reported an extension to the Operation CuckooBees campaign leveraging the Spyder Loader to target government organizations in Hong Kong. Community Impact Operation CuckooBees is publicly attributed to APT41 (also known as Winnti), a Chinese state-backed threat group based on tactics, techniques, and procedures (TTPs). The campaign was initially…

Read More
MISP Now Available
Threat Intelligence

RH-ISAC Launches Community MISP Instance

Posted on October 17, 2022

By JJ Josing, Principal Threat Researcher, Ian Furr, Security Integrations Engineer

The RH-ISAC is officially launching a community Malware Information Sharing Platform (MISP) instance for our core members. By utilizing an open-source threat intelligence platform (TIP) like MISP, we can share, store, enrich, vet, correlate, and analyze our shared intelligence. MISP includes many galaxy clusters containing the MITRE ATT&CK framework, Threat Actors, and Tools, to name…

Read More
Magniber Ransomware Campaign Targets Home Users using JavaScript
Threat Intelligence

Magniber Ransomware Campaign Targets Home Users using JavaScript

Posted on October 14, 2022

By Lee Clark, Cyber Threat Intelligence Analyst & Writer

A new campaign is targeting home users using impersonated software updates leveraging JavaScript to deliver the Magniber Ransomware. Context On October 13, 2022, HP security researchers reported the technical details of a current campaign leveraging JavaScript files impersonating legitimate Windows Security updates to infect home users with the single-client Magniber ransomware. Technical Details HP researchers…

Read More
Pro-Russian Threat Group Targets U.S. Airports Websites with DDoS Attacks
Threat Intelligence

Pro-Russian Threat Group Targets U.S. Airports’ Websites with DDoS Attacks

Posted on October 11, 2022

By Lee Clark, Cyber Threat Intelligence Analyst & Writer

On October 10, 2022, the threat group “KillNet” claimed a number of denial-of-service (DDoS) attacks against websites of several major airports in the U.S. Context Airport sites targeted in the campaign include the Hartsfield-Jackson Atlanta International Airport (ATL), the Los Angeles International Airport (LAX), the Chicago O’Hare International Airport (ORD), the Orlando International Airport (MCO),…

Read More
Federal Joint Report Outlines Top CVEs Leveraged by Chinese State-Sponsored Threat Actors
Threat Intelligence

Federal Joint Report Outlines Top CVEs Leveraged by Chinese State-Sponsored Threat Actors

Posted on October 10, 2022

By Lee Clark, Cyber Threat Intelligence Analyst & Writer

On October 6, 2022, CISA released a joint advisory advising telecommunications, defense, and critical infrastructure organizations to patch and mitigate the most prevalent Common Vulnerabilities and Exposures (CVEs) leveraged by suspected Chinese state-sponsored cyber threat actors since 2020. Context According to the report, “PRC state-sponsored cyber actors continue to target government and critical infrastructure networks…

Read More