Friday, April 28, 2017

US-CERT: Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors

Alert from US-CERT:

US-CERT: Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors

"The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.

According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools."

No comments:

Post a Comment