APT41, DragonForce Ransomware Group, Void Blizzard, Luna Moth
Threat Content Highlights
Threat Objects & Profiles
- Added & updated many objects based on newsworthy CTI from the past week-plus. Highlights include:
- TOUGHPROGRESS: Added a Campaign object & associated Software and updated the APT41 Group object (Chinese state-sponsored espionage actor). The group made headlines last week for an “innovative” attack that routed its command & control through Google Calendar events, a reminder that C2 hidden inside a trusted cloud service blends into normal traffic and will not be caught by destination-based blocking alone.
- The Campaign object is the focus for this week’s update to our “Trending & Emerging Threats” curated Threat Profile available by default for all clients.
- DragonForce Ransomware Group: A group we highlighted in our May 6 update as a rising concern. Last week, incident responders reported an intrusion in which DragonForce actors exploited vulnerabilities in an MSP-managed tool, then used that foothold to move laterally into the MSP’s clients’ environments and deploy ransomware there. A single compromised MSP tool became the entry point to many downstream networks.
- Void Blizzard: Added a Group & TTPs around the newest documented Russian espionage APT, as recently reported by Microsoft & Dutch cyber officials.
- Added a new Campaign object, based largely on new Microsoft reporting, for an existing Turkey-based espionage group. This underscores that our coverage extends beyond the “big 4” adversarial cyber nations.
- Luna Moth: Updated Group object after an FBI warning about a recent spree of attacks. Luna Moth is notorious for effectively leveraging “voice phishing” social engineering to gain network access, a vector that was the focus of our April 15 “Trending & Emerging Threats” update and flagged in that week’s email update.
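The TOUGHPROGRESS item above describes command & control carried over Google Calendar, a case where the destination is legitimate and only the client behaviour gives the beacon away. The following detection sketch is an added example written for this update; it is not code from the original page, from the reporting vendor, or from any product described here. It runs two heuristics over a constructed sample of proxy log lines (format, user-agent strings and thresholds are all assumptions): a non-browser client talking to the Calendar API, and a suspiciously regular request cadence from one host.

```python
"""Detection sketch: flag hosts whose Google Calendar API traffic looks like C2.

Added example, not code from the original page or from the vendor it describes.
The log format, user-agent strings and thresholds below are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not real data):
# "<ISO time> <src host> <dest host> <path> <user-agent>"
SAMPLE_LOG = """\
2025-05-20T09:00:00 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events Mozilla/5.0 (Windows NT 10.0) Chrome/125.0
2025-05-20T09:30:02 ws-17 www.googleapis.com /calendar/v3/calendars/primary/events Mozilla/5.0 (Windows NT 10.0) Chrome/125.0
2025-05-20T10:00:00 ws-42 www.googleapis.com /calendar/v3/calendars/primary/events python-requests/2.31
2025-05-20T10:05:00 ws-42 pypi.org /simple/requests/ python-requests/2.31
2025-05-20T10:10:01 ws-42 www.googleapis.com /calendar/v3/calendars/primary/events python-requests/2.31
2025-05-20T10:20:00 ws-42 www.googleapis.com /calendar/v3/calendars/primary/events python-requests/2.31
2025-05-20T10:30:02 ws-42 www.googleapis.com /calendar/v3/calendars/primary/events python-requests/2.31
"""

CALENDAR_HOSTS = {"www.googleapis.com", "calendar.google.com"}  # assumed API endpoints
MIN_BEACONS = 4        # fewer requests than this is not enough to judge cadence
MAX_JITTER_RATIO = 0.1 # stdev/mean of inter-request gaps below this looks scripted


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dest, path, user_agent)."""
    ts, src, dest, path, ua = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), src, dest, path, ua


def is_calendar_api(dest, path):
    """True when the request targets the Google Calendar API (assumed host/path shapes)."""
    return dest in CALENDAR_HOSTS and (dest == "calendar.google.com" or path.startswith("/calendar/"))


def looks_like_browser(ua):
    """Crude browser check: every mainstream browser UA starts with 'Mozilla/'."""
    return ua.startswith("Mozilla/")


def analyze(log_text):
    """Return {src_host: [reasons]} for hosts whose Calendar traffic looks like C2."""
    timestamps = defaultdict(list)
    odd_clients = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dest, path, ua = parse_line(line)
        if not is_calendar_api(dest, path):
            continue  # only Calendar API calls matter for this heuristic
        timestamps[src].append(ts)
        if not looks_like_browser(ua):
            odd_clients[src].add(ua)

    findings = defaultdict(list)
    for src, uas in odd_clients.items():
        findings[src].append("non-browser client talking to Google Calendar API: " + ", ".join(sorted(uas)))
    for src, seen in timestamps.items():
        if len(seen) < MIN_BEACONS:
            continue
        seen.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(seen, seen[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < MAX_JITTER_RATIO:
            findings[src].append(f"regular beacon cadence: {len(seen)} requests, ~{round(avg)}s apart")
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in analyze(SAMPLE_LOG).items():
        print(host)
        for r in reasons:
            print("  -", r)
```

Both heuristics are weak on their own (legitimate automation also uses scripted clients, and a browser tab can poll on a schedule), which is why the sketch reports them together per host rather than alerting on either alone; in practice the thresholds would be tuned against a baseline of your own Calendar API traffic.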