Today activity has been moderate but lower than yesterday.
Activity Observations
Phishing activity on JP Morgan Chase, PayPal, Bank of the West, Western Union, Salesforce, Docusign (Large targeted campaign), American Express, Capital One, USPS, and Adobe themes continues from yesterdays alert
Cryptojacking from a Go Lang malware called WatchDog has been observed and reported from partners
AppleJeus - another cryptocurrency malware variant. Largely North Korea uses hacking and cryptocurrency theft to fund their nuclear ambitions
Seeing continued phishing from various location that were added to our daily report
Today we noticed some indications that hackers are targeting Arcsight software updates. This may be similar to what has occurred with other attacks but it was notable and our analyst made a note in our system for end users. The attack vector was through CDN distributed content which continues to be a problem for supply chain security.
In addition we added the following documents for reference
No reference documents added today
Some of our ISAC partners have also provided additional context on some of the above listed events that has been included in our threat intelligence data.
Other Notes
We have been letting customers know to monitor DNS and CDN network activity since 2017. We believe with the Solar Winds Orion incident and others similar to this story by show that we can expect continued targeting of supply chain on companies that would be presumed to have network level access at these companies. We have previously warned that DNS RPZ could be used to backdoor companies computing systems as well as the strange and sometimes unbelievable backdoors in common software observed on the CDN networks. Stay vigilant as we are seeing more and more of this activity. We will be publishing an in dept report on this in the coming days outlining specific examples, samples and other data that will allow you to make your own conclusions.
These are some of the most recent observations. In addition we are still seeing CDN and DNS manipulation that points to malware infections locations. It is not known whom is responsible for these as they are distributed far and wide.
Last Updated: 8:26 PM EST