What were seeing today 16 Mar 2021


Today activity has been moderate but lower than yesterday.


Activity Observations

  • Seeing Chrome vulnerabilities being exploited by an unknown threat actor

  • Microsoft Exchange servers are still being attacked with the recent vulnerability and started seeing mirrors appear of the Github POC that was taken down

  • BIG-IP devices are being target and mass scan activity

  • Nanocore activity increase in volume

  • Netbounce threat actor appears to be extremely active

  • Noted the indicators shared for Dearcry (Microsoft Exchange)

  • China Chopper webshell installs utilizing Dearcry vulnerabilities


This report may be updated in the next couple of hours with additional information as analyst are currently reviewing new detection's and activity of interest.


In addition we added the following documents for reference

Added 14 documents to our threat intelligence reporting interface


Other Notes

Nothing additional today


Last Updated: 12:35 PM EST