MSS News: Today's Activity Report


Today's News and Activity:

Today's activity is extremely high. After the Trump and Putin meeting, we noticed a large uptick in Russian activity which is listed below. Several campaigns that have been dormant have been detected and we are seeing very targeted attacks on information and documents within the US, UK, Germany, Pakistan and other areas.

In addition we are still seeing router exploits known as VPNFilter that are being seen at all monitoring location.

Most Active Attackers

Today's Incidents:

ZombieBoy Cryptocurrency Miner - We are getting reports of this cryptocurrency miner. You can view Event 28919 for additional information.

Trickbot SMB Trojan Activity - Reports of Trickbot spreading by SMB have surfaced. Upon researching in our FirstWatch network, we can confirm that this activity is occuring and that customers using FirstWatch are already protected against this activity. Event: 28920

Russian Remote Access Trojan Activity - We have noted a large uptick in Russian APT activity. We are seeing mostly defense contractors and Government being targeted at this time. There is a second campaign that is targeting the UK and some other middle eastern countries. Events: 28922 and 28924

Gh0stRAT Activity Report - Report of Gh0stRAT activity have also been detected today. Event: 28923

Magnitude EK - The neverending Magnitude EK is once again expanding. There are multiple events covering this activity.

Sidewinder APT Activity - An APT was detected targeting Pakistani Military Infrastructure. The campaign known as Sidewinder has been active for several months. Event: 28926

ESLink Trojaned Downloader (Github) - ESLink has been detected as having a backdoor. The code on Github appears to be infected. Event: 28927

Chthonic Banking Malware is Back - This campaign is once again active. Event: 28928

#MSS

16 views

Contact: (800)447-2150 Ext. 1        To contact Jigsaw simply send a message in our chat window!

  • Facebook - Black Circle
  • Twitter - Black Circle

© 2017-2018 Jigsaw Security Enterprise Inc.

Jigsaw Security Enterprise Inc is a SDVOSB - Service Connected Disabled Veteran Owned Small Business Jigsaw Security is an operator of WIMAX networks and is operating under license WQVC235 as a common carrier, non-common carrier and private communications operator. Jigsaw Security operates cable and satellite services. Courses may be provided by a third party authorized training partner in some cases. Some training is only available for cleared and US Citizens. Courses approved by the North Carolina Department of Public Safety Private Protective Services Board for licensing and CE credits. JPM program insurance is provided by an authorized Jigsaw Security Insurance Partner and is not underwritten by Jigsaw Security. For insurance information please contact our JPM program manager. Jigsaw Security operates a network through our NCBroadband brand.