Today's News and Activity:
Today's activity is extremely high. After the Trump and Putin meeting, we noticed a large uptick in Russian activity, which is listed below. Several campaigns that had been dormant have been detected, and we are seeing very targeted attacks on information and documents within the US, UK, Germany, Pakistan and other areas.
In addition, we are still seeing the router exploits known as VPNFilter at all monitoring locations.
Most Active Attackers
ZombieBoy Cryptocurrency Miner - We are getting reports of this cryptocurrency miner. You can view Event 28919 for additional information.
Trickbot SMB Trojan Activity - Reports of Trickbot spreading by SMB have surfaced. Upon researching in our FirstWatch network, we can confirm that this activity is occurring and that customers using FirstWatch are already protected against this activity. Event: 28920
Russian Remote Access Trojan Activity - We have noted a large uptick in Russian APT activity. We are seeing mostly defense contractors and government being targeted at this time. There is a second campaign that is targeting the UK and some other Middle Eastern countries. Events: 28922 and 28924
Gh0stRAT Activity Report - Reports of Gh0stRAT activity have also been detected today. Event: 28923
Magnitude EK - The never-ending Magnitude EK is once again expanding. There are multiple events covering this activity.
Sidewinder APT Activity - An APT was detected targeting Pakistani Military Infrastructure. The campaign known as Sidewinder has been active for several months. Event: 28926
ESLink Trojaned Downloader (GitHub) - ESLink has been detected as having a backdoor. The code on GitHub appears to be infected. Event: 28927
Chthonic Banking Malware is Back - This campaign is once again active. Event: 28928