Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation
#WeaverAnt #ChinaChopper
https://www.sygnia.co/threat-reports-and-advisories/weaver-ant-tracking-a-china-nexus-cyber-espionage-operation/
I hope everyone is having a good weekend!
The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries and use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper, but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!
Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs - Monday's CISA advisory is a staunch reminder for federal government and private sector entities to... https://threatpost.com/hackers-gov-microsoft-exchange-f5-exploits/159226/ #microsoftexchange #networkcompromise #vulnerabilities #f5big-ipdevices #pulsesecurevpns #cve-2019-11510 #cve-2019-19781 #u.s.government #cve-2020-0688 #cve-2020-5902 #spearphishing #vulnerability #chinachopper #hacks