A large phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. Researchers from the security firm, Cofense, observed the attacks against “a major Energy company based in the US.” The reported phishing campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and ... READ MORE
RSM Defense
Rhysida Ransomware Attack on PMH and Connections to Vice Society Ransomware
On August 4th, 2023, the parent company of Eastern Connecticut Health Network and Waterbury Health, Prospect Medical Holdings(PMH), announced that all of its facilities were facing IT complications. Prospect Medical Holdings is a parent company to over 16 hospitals, 165 outpatient clinics, in over 4 states ( California, Connecticut, Pennsylvania, Rhode Island) It was later ... READ MORE
STORM-0558 Utilizes Acquired MSA Keys to Forge Authentication Tokens Then Attack Outlook Exchange
On July 12, 2023, The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA)(aa23-193a) detailing an attack on an Federal Civilian Executive Branch (FCEB) agency in June 2023. The attack had been observed due to observing anomalous activity within the Microsoft 365 (M365) audit logs. ... READ MORE
AI Used in Scams: Faked Kidnapping
A mother of a 15-year-old girl, Jennifer DeStefano, received a disturbing phone call on January 20th, 2023, while taking her younger daughter, Aubrey, 13, to a dance rehearsal in Scottsdale Arizona. The call's caller ID showed an “Unknown number”, yet a familiar voice was heard on the other end of the telephone call. The voice belonged to her other teenager, Brianna ... READ MORE
Intel Insights – USB Flash Drive Bombs Observed in Ecuador
RSM Defense Intelligence has observed some claims and reports of a Universal Serial Bus (USB) thumb drive or commonly called flash drive being used as single detonation bombs. One such example was in Ecuador. The device was mailed to a journalist and Ecuadorian television presenter, which resulted in the USB being utilized as an explosive after being plugged into the USB ... READ MORE
Intel Insights – VMWare ESXi and ESXiArgs Ransomware
RSM Defense Intelligence has observed open-source reporting, as well as notifications from CISA(JCSA_AA23-039A), which indicates that malicious actors are exploiting known vulnerabilities in VMware ESXi software to gain access to servers and deploy ESXiArgs ransomware. Vulnerabilities utilized by the malicious actors include CVE-2021-21974 (CVSS 8.8), CVE-2020-3992 (CVSS 9.8), ... READ MORE
Intel Insights – ChatGPT: Good Angel or Bad Robot?
Since the roll out of Open AI’s publicly accessible ChatGPT (Generative Pre-training Transformer) on November 30, 2022, ChatGPT has been subject to widespread attention both in the Clearnet and “DarkWeb”. ChatGPT is based on the GPT architecture and was first released in 2019. Since then, it has undergone several updates and major changes. The GPT model was trained on a ... READ MORE
Intel Insights – Emotet recommences email spam operations after five-month break
RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and files names, masquerading ... READ MORE
The easiest way to not get eaten is to at least try to not look like food: Critical asset considerations – Part 2
We are back! We didn’t go anywhere we have just been busy like everyone else. Today, we carry on my favorite miniseries of the best way to not get eaten is to not look like food; proverbially of course. Part 2 of this is regarding critical asset protections. This includes, but again not limited to, domain controllers and critical asset backups, business continuity planning, ... READ MORE
Russia Ukraine Conflict Observables
With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine are attacks that include data wiping malware, such as HermeticWiper, Whispergate, and IsaacWiper. There have also been ... READ MORE