Threat Intelligence - RH-ISAC Blog

Summary The Common Weakness Enumeration (CEV) organization has released their 2022 Top 25 Most Dangerous Software Weaknesses list. This list demonstrates the most common and impactful software weaknesses occurring during the year of 2022. To create the list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability…

Context On June 9, 2022, SentinelLabs disclosed technical details of a new Chinese-speaking cyberespionage group designated Aoqin Dragon. According to researchers at SentinelLabs, the group has been operating a cyberespionage campaign against government, education, and telecommunication organizations in Southeast Asia and Australia from at least 2013 to the present. SentinelLabs researchers also assessed with moderate…

Context On the evening of June 7, 2022, the United States National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint advisory detailing the tactics, techniques, and procedures (TTPs) used by unspecified Chinese state-backed threat actors to target unspecified telecommunication and network service organizations…

Context On June 1, 2022, the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI), the Treasury Department, and the Financial Crimes Enforcement Network released a joint advisory with technical details and indicators of compromise for the Karakurt data extortion group. Karakurt is an advanced persistent threat (APT) group focused…

Context Microsoft has shared mitigation measures, which are included below, to block attacks exploiting the flaw, designated CVE-2022-30190, while a patch is being developed. Microsoft‘s entry for CVE-2022-30190 indicates it affects MSDT on all versions of Windows and Windows Server and has detected exploitation in the wild. The remote code execution vulnerability exists when Microsoft Support Diagnostic Tool (MSDT) is called using the…

Context On May 25, 2022, multiple flights in India were grounded for several hours after the airline confirmed a ransomware attack on their internal systems that also disrupted their website functionality. On May 26, 2022, a small airline cancelled all flights leaving Gatwick in the United Kingdom from 1 to 3 p.m. BST due to…

Summary The notable ransomware gang known as Conti has, according to security firm Advanced Intel (AdvIntel), taken its infrastructure offline and shut down its ransomware operations. While public-facing ‘Conti News’ data leak and the ransom negotiation sites are still online, the Tor admin panels used by Conti members to perform negotiations, publish news, and generate…

Context On May 19, 2022, security researchers at Sentinel Labs released technical details of a campaign targeting the Rust development community with a supply-chain attack by leveraging a malicious crate. The Rust Security Response Working Group released an advisory regarding the malicious crate on May 10, 2022. The malicious crate was named “rustdecimal,” likely intended…

Context On May 12, 2022, Apache released an advisory regarding a high severity vulnerability in Apache Tomcat. The vulnerability, designated CVE-2022-25762, affects Tomcat versions 9.0.0.M1 to 9.0.2o and 8.5.0 to 8.5.75. Apache advises users to upgrade to 9.0.21 or later or 8.5.76 or later to mitigate the vulnerability. A May 16, 2022 advisory from CISA…

Context The Hive ransomware variant has been extremely active in the past year. The ransomware was originally discovered in June of 2021, and reportedly is responsible for more than 300 compromises since September 2021. The FBI released a notice warning the public of the threat in August 2021 after Hive ransomware compromised dozens of medical…