What we're seeing today, 17 Feb 2021

Updated: Feb 18


Today's activity has been moderate, and lower than yesterday's.



Activity Observations

  • Phishing activity using JP Morgan Chase, PayPal, Bank of the West, Western Union, Salesforce, DocuSign (a large targeted campaign), American Express, Capital One, USPS, and Adobe themes continues from yesterday's alert

  • Cryptojacking by WatchDog, a malware family written in Go, has been observed and reported by partners

  • AppleJeus, another cryptocurrency-theft malware family. North Korea relies heavily on hacking and cryptocurrency theft to fund its nuclear ambitions

  • Continued phishing from various locations that have been added to our daily report

  • Today we noticed indications that attackers are targeting ArcSight software updates. This may be similar to other attacks we have seen, but it was notable enough that our analyst made a note in our system for end users. The attack vector was CDN-distributed content, which continues to be a problem for supply chain security: an update pulled from a CDN edge is only as trustworthy as the edge that served it, so updates should be verified against the vendor's published hashes and signatures rather than trusted because of the delivery path.


In addition we added the following documents for reference

No reference documents added today


Some of our ISAC partners have also provided additional context on some of the events listed above; that context has been included in our threat intelligence data.


Other Notes

We have been telling customers to monitor DNS and CDN network activity since 2017. Given the SolarWinds Orion incident and others like it, we expect continued targeting of the supply chain through vendors that are presumed to have network-level access at their customers. We have previously warned that DNS Response Policy Zones (RPZ) could be used to backdoor companies' computing systems, and that strange and sometimes unbelievable backdoors have been observed in common software served from CDN networks. Stay vigilant, as we are seeing more and more of this activity. We will be publishing an in-depth report on this in the coming days, outlining specific examples, samples and other data that will allow you to draw your own conclusions.


These are some of our most recent observations. We are also still seeing CDN and DNS manipulation that points victims to malware-hosting locations. It is not known who is responsible for these, as they are distributed far and wide.
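One concrete way to act on the advice above (monitor DNS activity for your vendors' update and CDN hosts, and catch answers that have been redirected somewhere they should not be) is to baseline the addresses those hosts are expected to resolve to and flag any answer outside that baseline. The script below is an added example written for this post, not code from the original report or from any vendor or ISAC. The hostnames, the address ranges and the Zeek-style DNS log lines are all constructed for illustration; in practice the baseline would be built from addresses confirmed with the vendor out of band, not from the same resolver you are watching.

```python
"""Baseline check for DNS answers to vendor update / CDN hosts.

Added example, not from the original post. Hostnames, address ranges and
log lines are constructed; the ranges are documentation prefixes
(RFC 5737 / RFC 3849), not real CDN data.
"""
import ipaddress
from typing import Dict, List

# Constructed baseline: update host -> address ranges it should resolve to.
# Assumption: these ranges were confirmed with the vendor out of band.
BASELINE = {
    "updates.vendor.example": ["203.0.113.0/24"],
    "cdn.vendor.example": ["198.51.100.0/24", "2001:db8:c0de::/48"],
}

# Constructed log lines in a Zeek-like tab-separated layout:
#   epoch_ts <TAB> client <TAB> query <TAB> answer
# Line 3 is a redirected answer, line 5 is garbage, line 6 is an unrelated
# host, and the last line is malformed.
SAMPLE_LOG = (
    "1613520001.1\t10.0.0.5\tupdates.vendor.example\t203.0.113.10\n"
    "1613520002.4\t10.0.0.7\tcdn.vendor.example\t198.51.100.21\n"
    "1613520003.9\t10.0.0.5\tupdates.vendor.example\t192.0.2.77\n"
    "1613520005.2\t10.0.0.9\tcdn.vendor.example\t2001:db8:c0de::1\n"
    "1613520006.0\t10.0.0.9\tcdn.vendor.example\tnot-an-address\n"
    "1613520007.3\t10.0.0.3\twww.unrelated.example\t192.0.2.1\n"
    "malformed line without tabs\n"
)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse tab-separated DNS answer records; skip lines that do not fit."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # header, comment or malformed line
        ts, client, query, answer = fields
        # Normalise the name so "CDN.vendor.example." matches the baseline.
        records.append({"ts": ts, "client": client,
                        "query": query.rstrip(".").lower(), "answer": answer})
    return records


def load_baseline(mapping: Dict[str, List[str]]):
    """Turn CIDR strings into ip_network objects, one list per hostname."""
    return {name.lower(): [ipaddress.ip_network(c) for c in cidrs]
            for name, cidrs in mapping.items()}


def check_answers(records, baseline) -> List[Dict[str, str]]:
    """Return an alert for every baselined host whose answer is off-baseline.

    Hosts not in the baseline are ignored: this check is deliberately narrow
    so it stays quiet on ordinary browsing traffic.
    """
    alerts = []
    for rec in records:
        expected = baseline.get(rec["query"])
        if expected is None:
            continue
        try:
            addr = ipaddress.ip_address(rec["answer"])
        except ValueError:
            # A non-address answer for an update host is itself suspicious.
            alerts.append({**rec, "reason": "unparseable answer"})
            continue
        # ip_network.__contains__ returns False across IPv4/IPv6 versions,
        # so a v4 answer is never accepted by a v6-only prefix.
        if not any(addr in net for net in expected):
            alerts.append({**rec, "reason": "answer outside baseline"})
    return alerts


def summarize(alerts) -> Dict[str, int]:
    """Alert count per hostname, a quick triage view for the daily report."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a["query"]] = counts.get(a["query"], 0) + 1
    return counts


if __name__ == "__main__":
    found = check_answers(parse_log(SAMPLE_LOG), load_baseline(BASELINE))
    for a in found:
        print(f"{a['ts']} {a['client']} {a['query']} -> {a['answer']}: {a['reason']}")
    print(summarize(found))
```

The useful property is what the check does not do: it never tries to decide whether an address "looks bad", only whether it is one the vendor told you to expect, which is the question a redirected update or a poisoned RPZ entry actually changes. Feed it your resolver's answer logs rather than client-side lookups, and re-confirm the baseline whenever the vendor announces a CDN change, otherwise the first legitimate migration will look like an attack.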


Last Updated: 8:26 PM EST



