Cybersecurity

In a recent blog post by Mandiant, security researchers detail techniques used by the Chinese state-sponsored threat actor APT41 against the government networks of multiple U.S. states between the months of May 2021 and February 2022. During this period, the company observed the use of various zero day vulnerabilities, including the notorious Log4j vulnerability, to successfully compromise applications used by at least six states.

Amidst Russia’s ongoing invasion of Ukraine, threat actors are using phishing emails related to the conflict to deliver malware and infect victim computers with remote access trojans (RAT). After installing RATs on a target system to gain remote access, adversaries can then steal sensitive information, conduct network reconnaissance, disable security software, and other malicious activities. Security researchers at Bitdefender Labs are tracking two distinct phishing campaigns with themes leveraging the conflict. One campaign purports to be a survey about supply chain disruptions.

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with RagnarLocker ransomware. The FLASH indicates that since January 2022, RagnarLocker ransomware has targeted at least 52 organizations across 10 critical infrastructure sectors. According to the FBI, members of the RagnarLocker group work as part of a ransomware family and frequently alter obfuscation techniques to avoid detection and prevention. The FLASH includes further technical details regarding this activity and lists recommended mitigations.

UPS (uninterruptible power supply) devices are widely relied on to keep our computer networks operational during a short-term power outage and to allow for graceful shutdowns in the event of longer-term power failures. But UPS devices can be a set it and forget it part of our network. A recent trio of vulnerabilities dubbed TLStorm highlight why UPS devices shouldn’t be neglected.