Med-Mastodon

Pyrzout :vm:From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks – Source:hackread.com <a href="https://ciso2ciso.com/from-tv5monde-to-govt-france-blames-russias-apt28-for-cyberattacks-sourcehackread-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/from-tv5monde-to-govt-france-blames-russias-apt28-for-cyberattacks-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/CyberAttacks" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttacks</a> <a href="https://social.skynetcloud.site/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a> <a href="https://social.skynetcloud.site/tags/BlueDelta" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlueDelta</a> <a href="https://social.skynetcloud.site/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#FancyBear</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://social.skynetcloud.site/tags/TV5Monde" class="mention hashtag" rel="nofollow noopener" target="_blank">#TV5Monde</a> <a href="https://social.skynetcloud.site/tags/France" class="mention hashtag" rel="nofollow noopener" target="_blank">#France</a> <a href="https://social.skynetcloud.site/tags/Sednit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sednit</a> <a href="https://social.skynetcloud.site/tags/Sofacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sofacy</a> <a href="https://social.skynetcloud.site/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a>

Marcel SIneM(S)USNearest Neighbor Attack: Angriff über WLAN des Nachbarn | Security <a href="https://www.heise.de/news/US-Firma-ueber-benachbarte-WLAN-Geraete-Dritter-angegriffen-10129358.html" rel="nofollow noopener" translate="no" target="_blank">https://www.heise.de/news/US-Firma-ueber-benachbarte-WLAN-Geraete-Dritter-angegriffen-10129358.html</a> <a href="https://social.tchncs.de/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberCrime</a> <a href="https://social.tchncs.de/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a> <a href="https://social.tchncs.de/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#FancyBear</a> <a href="https://social.tchncs.de/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://social.tchncs.de/tags/Sofacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sofacy</a> <a href="https://social.tchncs.de/tags/GruesomeLarch" class="mention hashtag" rel="nofollow noopener" target="_blank">#GruesomeLarch</a>

gtbarryWindows vulnerability reported by the NSA exploited to install Russian malwareKremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed<a href="https://mastodon.social/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> <a href="https://mastodon.social/tags/russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#russia</a> <a href="https://mastodon.social/tags/russian" class="mention hashtag" rel="nofollow noopener" target="_blank">#russian</a> <a href="https://mastodon.social/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSA</a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackers</a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://mastodon.social/tags/hacked" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacked</a><a href="https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/</a>

Taggart :donor:<a href="https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/" rel="nofollow noopener" target="_blank">This analysis</a> of <a href="https://infosec.town/tags/APT28" rel="nofollow noopener" target="_blank">#APT28</a> aka <a href="https://infosec.town/tags/ForestBlizzard" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> methodology is being reported all over as though it were special. And while it may be "unique" to the group, it's just...not that special. Everything I see here should be detected by modern standard defenses. This attack chain doesn't even read like an APT to me; it reads like a cybercrime group. What am I missing?

Not SimonMicrosoft reported that APT28 (Fancy Bear, Forest Blizzard) used a custom tool to elevate privileges and steal credentials in compromised networks. This GooseEgg tool leveraged CVE-2022-38028 (7.8 high, disclosed 11 October 2022 by Microsoft; Windows Print Spooler Elevation of Privilege Vulnerability). APT28 is publicly attributed to Russian General Staff Main Intelligence Directorate (GRU). IOC provided. 🔗 <a href="https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/" rel="nofollow noopener" translate="no" target="_blank">https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/</a><a href="https://infosec.exchange/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://infosec.exchange/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#FancyBear</a> <a href="https://infosec.exchange/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://infosec.exchange/tags/CVE_2022_38028" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE_2022_38028</a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#eitw</a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#activeexploitation</a> <a href="https://infosec.exchange/tags/GooseEgg" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooseEgg</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a>, <a href="https://hachyderm.io/tags/OpenAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenAI</a> say <a href="https://hachyderm.io/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#US</a> rivals use artificial intelligence in hacking Microsoft says <a href="https://hachyderm.io/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>, <a href="https://hachyderm.io/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a>, <a href="https://hachyderm.io/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iran</a> and <a href="https://hachyderm.io/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#NorthKorea</a> have all used <a href="https://hachyderm.io/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> to improve their abilitiesFrom their report they say they are spying on users:: In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as <a href="https://hachyderm.io/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a>, <a href="https://hachyderm.io/tags/EmeraldSleet" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmeraldSleet</a>, <a href="https://hachyderm.io/tags/CrimsonSandstorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrimsonSandstorm</a>, <a href="https://hachyderm.io/tags/CharcoalTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#CharcoalTyphoon</a>, and <a href="https://hachyderm.io/tags/SalmonTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#SalmonTyphoon</a>—using <a href="https://hachyderm.io/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LLM</a> to augment cyberoperations. <a href="https://www.washingtonpost.com/technology/2024/02/14/us-adversaries-using-artificial-intelligence-boost-hacking-efforts/" rel="nofollow noopener" translate="no" target="_blank">https://www.washingtonpost.com/technology/2024/02/14/us-adversaries-using-artificial-intelligence-boost-hacking-efforts/</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬<a href="https://hachyderm.io/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FBI</a> Dismantles <a href="https://hachyderm.io/tags/Ubiquiti" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ubiquiti</a> Router Botnet Controlled by <a href="https://hachyderm.io/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti <a href="https://hachyderm.io/tags/EdgeOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#EdgeOS</a> routers that still used publicly known default administrator <a href="https://hachyderm.io/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwords</a>. <a href="https://hachyderm.io/tags/GRU" class="mention hashtag" rel="nofollow noopener" target="_blank">#GRU</a> hackers then used the <a href="https://hachyderm.io/tags/Moobot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moobot</a> <a href="https://hachyderm.io/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber <a href="https://hachyderm.io/tags/espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#espionage</a> platform,” agency said <a href="https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/</a> <a href="https://hachyderm.io/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://hachyderm.io/tags/Sofacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sofacy</a> <a href="https://hachyderm.io/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#FancyBear</a> <a href="https://hachyderm.io/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a>Please patch and change <a href="https://hachyderm.io/tags/defaultpasswords" class="mention hashtag" rel="nofollow noopener" target="_blank">#defaultpasswords</a>

Not SimonProofpoint observed regular APT28 (Russia GRU) phishing activity since March 2023 to send high-volume campaigns to targets in Europe and North America. APT28 leveraged vulnerabilities such as CVE-2023-23397 and CVE-2023-38831 against government, aerospace, education, finance, manufacturing, and technology sectors. IOC and attack chain included. 🔗 <a href="https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week" rel="nofollow noopener" translate="no" target="_blank">https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week</a><a href="https://infosec.exchange/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a> <a href="https://infosec.exchange/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#FancyBear</a> <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://infosec.exchange/tags/GRU" class="mention hashtag" rel="nofollow noopener" target="_blank">#GRU</a> <a href="https://infosec.exchange/tags/CVE202323397" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202323397</a> <a href="https://infosec.exchange/tags/CVE202338831" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202338831</a> <a href="https://infosec.exchange/tags/ForestBlizzard" class="mention hashtag" rel="nofollow noopener" target="_blank">#ForestBlizzard</a> <a href="https://infosec.exchange/tags/STRONTIUM" class="mention hashtag" rel="nofollow noopener" target="_blank">#STRONTIUM</a> <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberEspionage</a> <a href="https://infosec.exchange/tags/activeexploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#activeexploitation</a> <a href="https://infosec.exchange/tags/eitw" class="mention hashtag" rel="nofollow noopener" target="_blank">#eitw</a> <a href="https://infosec.exchange/tags/Outlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#Outlook</a>

Recent searches

Search options

Administered by:

Server stats:

#forestblizzard