Over the past thirty days, the Ankura Cybersecurity team has worked with clients to solve cybersecurity challenges involving recent Russian threat actor and threat landscape activity, statements from the well-known threat actor “Conti”, the Phishing-as-a-Service (PHaaS) campaign BulletProftLink, and a new joint advisory published by CISA regarding recent critical infrastructure attacks against the United States Water and Wastewater Systems (WWS).
Recent Russian Threat Activity
Russian cyber activity is on the rise, targeting government entities and financial firms. Microsoft’s Digital Defense Report claims Russian nation-state actors are increasingly effective and details the attacks by the Nobelium threat group. Recent cyber activity indicates Russia is aspiring to gain extended access to the technology supply chain and establish an implementation of surveillance.
Large-Scale PHaaS Operation Bulletproftlink
The Bulletproftlink phishing-as-a-service operation is still operational and flourishing. The operation facilitates selling multiple single payment or monthly subscription-based services that include email templates, phishing kits, and spoofed malicious webpages as well as providing hosting and automation services at a reasonably low price.
Joint Advisory for Water & Wastewater Facilities
The CISA, FBI, EPA, and NSA released a joint alert detailing several attacks on U.S. Water and Wastewater Systems between 2019-2021. While attacks targeting SCADA networks can involve attackers taking control of ICS devices, CISA’s alert placed a great deal of emphasis on ransomware attacks. CISA also released an alert detailing several steps wastewater plants should take immediately to mitigate risk.
Threat Actor of the Month: IronHusky
IronHusky is a Chinese-based threat actor first attributed in July 2017 targeting Russian and Mongolian governments, as well as aviation companies and research institutes. Since their initial attacks ceased in 2018, they have been working on a new remote access trojan (RAT) dubbed MysterySnail. CTAPT analysts combine multiple reports from Kaspersky to outline the tools, techniques, and procedures (TTPs) of this nearly 4-year-old actor.
Recent Advancements of Conti
The CISA, FBI, and NSA released a joint advisory on the Conti Threat Group highlighting an increase in ransomware attacks, the group’s typical tactics, techniques, and procedures (TTPs), and recommended mitigation measures. Conti made an official statement regarding their updated terms and conditions in an effort to control media visibility and stay more covert in light of new U.S. regulations, and also shared their thoughts on REvil’s recent activity.
Read more by downloading our full October Cyber Threat Intelligence Bulletin below.
© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
