The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
Research
Research
SecurityScorecard Identifies Possible Flax Typhoon Infrastructure
On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China.
Cyber Threat Intelligence
Research
New Intrusion Campaign Targeting Users of Popular Business Communication Software
Cyber Threat Intelligence
Research
Investigations of Lazarus Group Indicators of Compromise Reveals Suspicious Traffic Involving State Government IP Addresses
Cyber Threat Intelligence
Research
Attackers Exploit Windows Vulnerability to Deliver Nokoyawa Ransomware
On April 11, security researchers announced the discovery of CVE-2023-28252, a zero-day vulnerability under active exploitation by a sophisticated cybercriminal group. The vulnerability affects all versions of Windows and could therefore be quite widespread; however, a patch is available.
Cyber Threat Intelligence
Research
New APT29 – Attributed Phishing Activity Targets Diplomatic Services
On April 13, Poland’s Computer Emergency Response Team (CERT.PL) and Military Counterintelligence Service released a group of joint advisories regarding newly-observed espionage activity attributed to a Russia-linked threat actor group.
Cyber Threat Intelligence
Research
Cyber Risk Intelligence: Cold Storage and Logistics Disruption
On April 26, reports of a service disruption affecting a major cold storage and logistics firm surfaced.
Cyber Threat Intelligence
Research
LockBit Group Claims Ransomware Attack Against Southeast Asian Bank
On May 8, the LockBit ransomware group claimed an attack against a major state-owned bank in Southeast Asia.
Cyber Threat Intelligence
Research
Ransomware Affiliates Exploit Recently-Discovered PaperCut Vulnerability
On April 26, security researchers announced the discovery of CVE-2023-27350 and CVE-2023-27351, vulnerabilities in the PaperCut print management software solution.
Cyber Threat Intelligence
Research
Microsoft ProxyNotShell Zero Days
Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence
Research
Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services
Dr. Rob Ames, Staff Threat Researcher
Cyber Threat Intelligence, Public Sector
Research
Daixin Team Ransomware Group Claimed Airline Ransomware Attack
Cyber Threat Intelligence, Public Sector
Research
Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education
Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.
Cyber Threat Intelligence, Public Sector