Threat Intelligence - RH-ISAC Blog

Key Takeaways On October 25, 2022, Cisco Talos Incident Response (CTIR) researchers published their Quarterly Report: Incident Response Trends in Q3 2022. Key findings include: Ransomware was the top threat this quarter, a slight change from last quarter where commodity trojans surpassed ransomware by a narrow margin. Several high-profile ransomware groups appeared in CTIR engagements…

Context On October 22, 2022, Bleeping Computer reported the technical details of a new Windows zero-day vulnerability that “allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.” Bleeping Computer assesses that the zero-day was leveraged by ransomware threat actors to deliver the Magniber ransomware in a recent campaign. Technical Details…

Context On October 18, 2022, Symentec researchers reported an extension to the Operation CuckooBees campaign leveraging the Spyder Loader to target government organizations in Hong Kong. Community Impact Operation CuckooBees is publicly attributed to APT41 (also known as Winnti), a Chinese state-backed threat group based on tactics, techniques, and procedures (TTPs). The campaign was initially…

The RH-ISAC is officially launching a community Malware Information Sharing Platform (MISP) instance for our core members. By utilizing an open-source threat intelligence platform (TIP) like MISP, we can share, store, enrich, vet, correlate, and analyze our shared intelligence. MISP includes many galaxy clusters containing the MITRE ATT&CK framework, Threat Actors, and Tools, to name…

A new campaign is targeting home users using impersonated software updates leveraging JavaScript to deliver the Magniber Ransomware. Context On October 13, 2022, HP security researchers reported the technical details of a current campaign leveraging JavaScript files impersonating legitimate Windows Security updates to infect home users with the single-client Magniber ransomware. Technical Details HP researchers…