Weekly Threat Briefing: Georgia Court System Hit in Ransomware Attack

The intelligence in this week’s briefing discusses the following threats: APT, Banking malware, Cryptocurrency miner, Data leak, Exploit kit, Malvertising, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.
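As an added example (not part of the original briefing), the following Python shows the kind of log check the paragraph above refers to: extract domain, IP and SHA-256 indicators from each log line and report any that appear in an IOC list. The IOC values and log lines here are constructed placeholders (documentation-range IP, `.invalid` domains, a dummy hash); the real indicators are in the attached Community Threat Briefing and are not reproduced.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed placeholder IOCs. Replace with the indicators attached to the
# briefing; none of these values is a real indicator.
IOCS: Dict[str, Set[str]] = {
    "domain": {"example-c2.invalid", "update-check.invalid"},
    "ip": {"203.0.113.45"},  # TEST-NET-3 documentation range
    "sha256": {"aa" * 32},   # dummy hash
}

# Constructed sample log lines in a proxy / DNS / firewall / EDR style.
SAMPLE_LOGS: List[str] = [
    "2019-07-01T10:22:13Z proxy host=ws-17 dst=update-check.invalid method=GET status=200",
    "2019-07-01T10:22:14Z dns query=example.org client=10.0.0.5",
    "2019-07-01T10:23:02Z fw action=allow src=10.0.0.5 dst=203.0.113.45 dport=443",
    "2019-07-01T10:25:40Z edr event=file_created path=C:\\Users\\a\\t.exe sha256=" + "aa" * 32,
    "2019-07-01T10:26:00Z proxy host=ws-02 dst=cdn.example.net method=GET status=200",
]

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b")


def extract_indicators(line: str) -> Dict[str, Set[str]]:
    """Pull candidate domains, IPv4 addresses and SHA-256 hashes out of one log line."""
    lowered = line.lower()
    ips = set()
    for candidate in IPV4_RE.findall(lowered):
        try:
            ipaddress.IPv4Address(candidate)  # drop things like 999.1.1.1
            ips.add(candidate)
        except ValueError:
            continue
    return {
        "domain": set(DOMAIN_RE.findall(lowered)),
        "ip": ips,
        "sha256": set(SHA256_RE.findall(lowered)),
    }


def match_iocs(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Return one hit record per (line, indicator type, value) found in the IOC list."""
    hits: List[Dict[str, str]] = []
    for lineno, line in enumerate(lines, start=1):
        found = extract_indicators(line)
        for kind, values in found.items():
            for value in sorted(values & iocs.get(kind, set())):
                hits.append({"line": str(lineno), "type": kind, "value": value, "raw": line})
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count hits per indicator type, handy for a quick triage view."""
    counts: Dict[str, int] = {}
    for hit in hits:
        counts[hit["type"]] = counts.get(hit["type"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS, IOCS):
        print(f"line {hit['line']}: {hit['type']} {hit['value']}  <- {hit['raw']}")
    print(summarize(match_iocs(SAMPLE_LOGS, IOCS)))
```

Matching is exact on normalized values; for real use you would also want subdomain matching for domain indicators and a defanging step (`hxxp`, `[.]`) when loading IOCs from a shared feed.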

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section.

The Advanced Persistent Threat (APT) group “APT33” is believed to be an Iranian-based group that has been active since at least 2013. APT33 conducts cyber espionage campaigns and deploys destructive malware on organizations primarily situated in Saudi Arabia, but has also targeted firms in South Korea and the United States. The group is believed to be state-sponsored because its campaigns target firms that align with Iranian government and military interests. It has heavily targeted the aviation industry in Saudi Arabia, which may suggest an attempt to acquire knowledge of Saudi Arabia’s military aviation capabilities in order to enhance Iran’s domestic aviation abilities and support strategic decisions. Its targeting of the South Korean petrochemical industry may have been intended to gain insight into South Korea’s partnerships with Iran’s petrochemical industry, as well as its relationships with Saudi Arabian petrochemical companies, possibly to obtain information needed to expand Iran’s petrochemical production and competitiveness in the Middle East.
