CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity. 



Comments

Post a Comment

Popular posts from this blog

FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks

Image
By Sergiu Gatlan,  Bleeping Computer Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. "ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector," the joint advisory cautions. Today's warning follows an April 2022 FBI flash alert and another advisory issued in December 2023 detailing the BlackCat cybercrime gang's activity since it surfaced in November 2021 as a suspected rebrand of the DarkSide and BlackMatter ransomware groups. The FBI linked BlackCat to over 60 breaches during its first four months of activity (between November 2021 and March 2022) and said the gang has raked in at least $300 million in ransoms from over 1,000 victims until September 2023. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the three federal agencies warned in today...
Read more

Microsoft says massive Azure outage was caused by DDoS attack

Image
By Sergiu Gatlan,  Bleeping Computer Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. Redmond says the outage impacted Microsoft Entra, some Microsoft 365 and Microsoft Purview services (including Intune, Power BI, and Power Platform), as well as Azure App Services, Application Insights, Azure IoT Central, Azure Log Search Alerts, Azure Policy, and the Azure portal. The company confirmed in a mitigation statement published today that the root cause behind yesterday's outage was a DDoS attack, although it has yet to link it to a specific threat actor. "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack, which activated our DDoS protection mechanisms, initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating i...
Read more

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and ...
Read more