APT Activity, Chrome 0-Day, MuddyWater, and More - Weekly Threat Briefing

Weekly Threat Briefing: APT Activity, Chrome 0-Day, MuddyWater, and More

March 3, 2020 | Anomali Threat Research Team

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: 0-Day, Data breach, NetSupport Manager RAT, Roaming Mantis, Sea Turtle, and Trickbot. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Observed Threats

Additional information regarding the threats discussed in this week's Weekly Threat Briefing can be found below:

MuddyWater

Researchers from Palo Alto Networks and FireEye found that the Advanced Persistent Threat (APT) group "MuddyWater" has been active since at least February 2017. The group was initially dubbed "TEMP.Zagros" by FireEye and was suspected to be connected to the financially-motivated group "FIN7"; however, researchers determined that the group is Iran-based, with espionage as its main motivation. The group invests significant time in profiling its targets and uses social engineering techniques to deliver weaponised Word documents with malicious macros. It is well equipped with various post-exploitation tools that it develops itself. These tactics show that the actor is a sophisticated threat to organisations.
