Overview On February 9, NSFOCUS CERT detected that Microsoft released the February security update patch, which fixed 48 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Dynamics, and Azure, including privilege escalation and remote code execution. and other high-risk vulnerability types. Among the vulnerabilities fixed by...
Blog
India’s National APT Organization SideWinder Launched Phishing Attacks
Overview Recently, NSFOCUS Labs discovered that the South Asian APT organization SideWinder launched phishing attacks with documents used Pakistan National Day-related content as the bait. The domain name of command and control (C2) server was forged as a Pakistani government website. Since SideWinder ‘s targets include Pakistan and China, it...
Moving Swiftly from Makeshift Remedies to Routine: A Thought on Security Operations
On December 9, 2021, the Log4j vulnerability was disclosed and had a huge impact. According to monitoring of NSFOCUS Threat Intelligence, hundreds of thousands of assets were affected by the vulnerability. A week after the vulnerability was disclosed, the NTI detected tens of thousands of malicious IP addresses using the...
Samba Remote Code Execution Vulnerability (CVE-2021-44142)
Overview Recently, NSFOCUS CERT detected a Samba remote code execution vulnerability (CVE-2021-44142) disclosed online. Because the default configuration of Samba's vfs_fruit module allows out-of-bounds heap read and write through extended file attributes. When smbd parses EA metadata, a remote attacker (guest account or unauthorized user) with write access to the...
Russian APT Group Gamaredon Launches Phishing Campaign against Ukrainian Ministry of Foreign Affairs
Recently, NSFOCUS Security Labs captured a fishing document with the theme "ПÐРТÐЕРИ КУЛЬТУРÐОЇ ДИПЛОМÐТІЇ МЗС УКРÐЇÐИ" (Cultural Diplomatic Partner of the Ukrainian Ministry of Foreign Affairs), and confirmed that the producer of the document was Gamaredon, a Russia-based advanced persistent threat group. The phishing document contains highly credible bait content, and...
APT Retrospection: Lorec53, An Active Russian Hack Group Launched Phishing Attacks Against Georgian Government
Summary In July 2021, several phishing documents created in Georgian were discovered by NSFOCUS Security Labs. In these phishing documents, the attackers used current political hotspots in Georgia to create bait and deliver a secret stealing Trojan to specifically targeted victims aiming to steal various documents from their computers. Correlation...
