EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

Multiple APT Groups Exploit Exchange Server Vulnerabilities

EclecticIQ Threat Research Team March 24, 2021

Week 12 EIQ_gen_intel_update_image

Summary of Findings

      • At least 10 APT groups have exploited zero day vulnerabilities in Microsoft Exchange Server to attack email servers worldwide.
      • “Maza” is the latest Russian-language cybercrime forum to be breached.
      • A new variant of the Mirai botnet is targeting vulnerabilities in unpatched D-Link, Netgear, and SonicWall devices.
      • A new CISA table can help defenders protect against TTPs used by the APT actor involved in the SolarWinds and Active Directory/M365 compromise.
      • An increase in Dridex-related network attacks is being driven by the Cutwail botnet.

Zero Day Vulnerabilities in Exchange Server Continue to Be Widely Exploited

The recently patched zero day Microsoft Exchange Server vulnerabilities have been widely targeted by multiple advanced persistent threat (APT) and cybercriminal groups. Researchers at ESET have found various APTs including LuckyMouse, Tick, Winnti Group, and Calypso are exploiting the pre-authentication remote code execution (RCE) vulnerability chain (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065).

Microsoft reported that attackers are deploying DearCry ransomware after exploiting the Exchange Server vulnerabilities. Until recently, attackers had only utilized web shells post-exploitation. The use of ransomware suggests new threat actors are targeting these vulnerabilities for financial gain.

Officials at the United Kingdom’s National Cyber Security Centre (NCSC) said they have helped detect and remove malware related to the attacks from more than 2,300 machines at businesses in the country.
It remains critical for organizations to remediate these vulnerabilities immediately by applying the remediation steps and patches. Microsoft has launched a mitigation tool to assist teams in securing their environments.

Russian-Language Cybercriminal Forum "Maza" Breached

An unknown attacker has compromised “Maza” (formerly "Mazafaka"), a highly restricted Russian-language cybercrime forum dating back to 2003. The breach was first detected by researchers at Flashpoint on March 3, 2021.

Maza is the fourth Russian-language online forum to be targeted in 2021. In January, an actor claimed to have breached “Verified,” an established Russian-language forum. In February, the administrator of “Crdclub,” a well-known cybercrime forum, announced that an administrator's account was compromised. Earlier in March, the administrator of the "Exploit[.]"in forum announced that they detected unauthorized secure shell (SSH) access to a proxy server used for protection against distributed denial-of-service (DDoS) attacks.

New Mirai Variant Targeting Network Security Devices

Mirai variants exploiting CVE-2021-27561, CVE-2021-27562, CVE-2021-22502, and CVE-2020-26919 have been uploaded between February and March 2021 from various IP addresses, some merely hours after the vulnerability details were published.

Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers.

CISA Releases SolarWinds APT Activity Detection Table

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released  a table of APT tactics, techniques, and procedures (TTPs) used by the actor involved with the recent SolarWinds compromise. The table is based on the MITRE ATT&CK framework and should be used to detect and respond to related activity.

Cutwail Botnet Spreads Dridex Malware

Researchers at IBM observed an increasing number of a Dridex-related network attacks driven by the Cutwail botnet. The campaign involves first-stage attacks utilizing malicious macro documents attached to spear phishing emails. The macro, when executed by the victim, runs a PowerShell script that deploys the Dridex loader as a second-stage infector. At the time of the report (March 11), the researchers were seeing relatively limited campaigns that were active in Italy and Japan.

 

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (121)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo