Iranian threat actors targeting businesses and governments, CISA, Microsoft warn
- by nlqip
Defenders should watch for an archive file named Network Security.zip, which includes an .exe with the Tickler malware, and for a Trojan dropper named sold.dll.
Here’s another example of Peach Sandstorm tactics detailed by Microsoft: After hacking into a European defense organization, the gang moved laterally using the Windows SMB (Server Message Block) protocol. This protocol, which is used for sharing files, printers, and other resources on a network, has been misused by many threat actors. Microsoft offers this advice to network admins for preventing SMB from being used as an attack tool.
In another attack, against a Middle East-based satellite operator, Peach Sandstorm compromised a user with a malicious ZIP file delivered via a Microsoft Teams message, then dropped Active Directory (AD) Explorer and took an AD snapshot. An AD snapshot is a read-only, point-in-time copy of the AD database and related files, which can be used for various legitimate administrative tasks. These snapshots can also be exploited by threat actors for malicious purposes.
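The indicators and behaviours described above (the two file names, AD Explorer writing a directory snapshot, and SMB lateral movement) can be turned into a simple hunt over endpoint telemetry. The script below is an added example written for this page; it is not code from Microsoft, CISA, or the article. It assumes a JSON-lines event feed with the fields shown in the constructed sample, and it uses AD Explorer's `-snapshot` command-line switch as the behavioural signal (the command line in the sample is constructed). The SMB fan-out threshold is an arbitrary heuristic that would need tuning against a real baseline.

```python
"""Hunt for the Peach Sandstorm indicators and behaviours described above in
endpoint telemetry. All events below are constructed samples, not real logs."""
import json
import re
from collections import defaultdict

# File-name indicators named in the article (it gives no hashes, so names only).
FILE_IOCS = {"network security.zip", "sold.dll"}

# Behavioural indicator: AD Explorer writing a snapshot of the directory database.
# "-snapshot" is AD Explorer's command-line switch; the sample command line is constructed.
AD_SNAPSHOT_RE = re.compile(r"adexplorer(?:64)?\.exe.*\s-snapshot\b", re.IGNORECASE)

SMB_PORT = 445

# Constructed JSON-lines telemetry (assumed schema: type, host, plus type-specific keys).
# The last line is deliberately malformed to show the parser skipping it.
SAMPLE_LOG = r"""
{"type":"file_create","host":"ws01","path":"C:\\Users\\a\\Downloads\\Network Security.zip"}
{"type":"file_create","host":"ws01","path":"C:\\Users\\a\\AppData\\Local\\Temp\\sold.dll"}
{"type":"file_create","host":"ws02","path":"C:\\Users\\b\\Documents\\report.docx"}
{"type":"process_create","host":"ws01","image":"C:\\Tools\\ADExplorer.exe","cmdline":"ADExplorer.exe -snapshot \"\" C:\\Temp\\ad.dat"}
{"type":"process_create","host":"ws02","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe"}
{"type":"network","host":"ws01","dst":"srv01","dport":445}
{"type":"network","host":"ws01","dst":"srv02","dport":445}
{"type":"network","host":"ws01","dst":"srv03","dport":445}
{"type":"network","host":"ws02","dst":"srv01","dport":445}
not json at all
"""


def parse_events(text):
    """Parse JSON lines, skipping blank and malformed lines instead of aborting the hunt."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def basename(path):
    """Case-folded final path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()


def match_event(ev):
    """Return the reasons a single event is suspicious (empty list if none)."""
    reasons = []
    for key in ("path", "image"):
        if key in ev and basename(ev[key]) in FILE_IOCS:
            reasons.append(f"file IoC {basename(ev[key])}")
    if ev.get("type") == "process_create" and AD_SNAPSHOT_RE.search(ev.get("cmdline", "")):
        reasons.append("AD Explorer snapshot of the directory database")
    return reasons


def smb_fanout(events, threshold=3):
    """Hosts that opened SMB (445) sessions to at least `threshold` distinct peers.
    A crude lateral-movement heuristic; the threshold must be tuned to the environment."""
    peers = defaultdict(set)
    for ev in events:
        if ev.get("type") == "network" and ev.get("dport") == SMB_PORT:
            peers[ev["host"]].add(ev["dst"])
    return {host: sorted(p) for host, p in peers.items() if len(p) >= threshold}


def hunt(text, fanout_threshold=3):
    """Run every check over a JSON-lines feed and return (host, reason) findings."""
    events = parse_events(text)
    findings = []
    for ev in events:
        for reason in match_event(ev):
            findings.append((ev.get("host"), reason))
    for host, peers in smb_fanout(events, fanout_threshold).items():
        findings.append((host, f"SMB sessions to {len(peers)} hosts: {', '.join(peers)}"))
    return findings


if __name__ == "__main__":
    for host, reason in hunt(SAMPLE_LOG):
        print(f"{host}: {reason}")
```

Matching on file names alone is weak (an attacker can rename the archive), so the file checks are there to catch the reported campaign as described, while the AD Explorer and SMB checks key on behaviour that survives renaming. Any real deployment would replace the constructed feed with the EDR or Sysmon export in use and validate the fan-out threshold against normal administrative traffic.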