2022-02-22

Ukraine & Russia Cyber Update

Industry: N/A | Level: Tactical | Sources: CISA Insight & CISA Alert - AA22-011A

This update consolidates the advisory information published by the Cybersecurity and Infrastructure Security Agency (CISA) on the Ukraine and Russia crisis. CISA has provided technical guidance on the TTPs associated with Russian threat actors and continues to urge organizations to heighten their cybersecurity awareness. The advisory lists vulnerabilities that Russian APT groups have commonly exploited, including flaws in Oracle WebLogic, Exchange, Cisco, VMware and Citrix products. The attacks target all critical infrastructure sectors and have "specifically targeted operational technology (OT)/industrial control systems (ICS) networks." TTPs mapped to the MITRE ATT&CK framework are provided in advisory AA22-011A. CISA and the FBI have also issued a joint advisory identifying U.S. Cleared Defense Contractors (CDCs) as targets of state-sponsored Russian threat actors seeking sensitive information. Attacks against CDCs have been observed since January 2020 and have resulted in the compromise of U.S. intelligence: "This theft has granted the actors significant insight into U.S. weapons platforms development and deployment timelines, plans for communications infrastructure, and specific technologies employed by the U.S. government and military."

Anvilogic Scenarios:
  • Malicious Document Delivering Malware
  • APT29/Nobelium Behaviors

Anvilogic Use Cases:
  • Weblogic RCE CVE-2020-14882 (WAF)
  • ZeroLogon CVE-2020-1472
  • Executable Create Script Process
  • NTDSUtil.exe execution
  • Service Stop Commands
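As an added illustration (not Anvilogic's or CISA's own detection content), the following shows how two of the use cases listed above, "NTDSUtil.exe execution" and "Service Stop Commands", can be expressed as detection logic run over constructed Sysmon-style process-creation events. The field names, sample events and the per-host burst threshold are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed Sysmon-style process-creation events (made-up test data, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "dc01", "user": r"CORP\svc_backup", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil.exe "ac i ntds" "ifm" "create full C:\temp\out" q q'},
    {"host": "ws07", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net stop WinDefend"},
    {"host": "ws07", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc stop MSSQLSERVER"},
    {"host": "ws02", "user": r"CORP\asmith", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"host": "ws02", "user": r"CORP\asmith", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Stop-Service -Name Spooler"},
]

# net stop / sc stop / PowerShell Stop-Service: the usual command-line ways to stop a service.
SERVICE_STOP_RE = re.compile(
    r"\b(?:net1?(?:\.exe)?\s+stop|sc(?:\.exe)?\s+stop|Stop-Service)\b", re.IGNORECASE)

def basename(path):
    """Last component of a Windows path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(event):
    """Return a list of (use_case, severity) hits for one event."""
    hits, cmd = [], event["cmdline"]
    if basename(event["image"]) == "ntdsutil.exe":
        # Any ntdsutil run deserves a look; a command line naming the NTDS
        # database or an IFM export is the AD credential-dumping pattern.
        sev = "high" if re.search(r"\b(?:ntds|ifm)\b", cmd, re.IGNORECASE) else "medium"
        hits.append(("NTDSUtil.exe execution", sev))
    if SERVICE_STOP_RE.search(cmd):
        hits.append(("Service Stop Commands", "low"))
    return hits

def run_detections(events, burst_threshold=2):
    """Run detect() over all events; escalate service stops on any host that
    stopped >= burst_threshold services (ransomware and wipers do this in bulk)."""
    stops_per_host = Counter(e["host"] for e in events if SERVICE_STOP_RE.search(e["cmdline"]))
    results = []
    for e in events:
        for use_case, sev in detect(e):
            if use_case == "Service Stop Commands" and stops_per_host[e["host"]] >= burst_threshold:
                sev = "high"
            results.append({"host": e["host"], "user": e["user"], "use_case": use_case,
                            "severity": sev, "cmdline": e["cmdline"]})
    return results
```

On the sample data this yields one high-severity ntdsutil hit on dc01, two escalated service stops on ws07 and one low-severity Stop-Service on ws02, while the notepad event produces nothing.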
