As the tensions over Ukraine, Russia, and the United States continue to escalate, US CISA issued a major advisory for all businesses last week. The advisory warned of imminent threats to digital infrastructure from unspecified actors. Sectrio had also issued a specific advisory on threats to IoT and OT deployments from various APT groups last week.
We reiterate the advisory this week as well, since we continue to record high levels of APT activity across the world. As of now, three clusters located in Eastern Europe are active, while reconnaissance attacks are emerging from an actor located in South East Asia in the Korean peninsula region. Supply chains, multi-city manufacturers, defense hardware manufacturers, smart city projects, maritime agencies, and Oil and Gas companies are advised to stay on high alert.
We are also tracking a firmware wiper malware that was first reported from Spain last week. The malware uses a publicly available capability to execute lateral movement across the network. Malware developers are now using such off-the-shelf capabilities to significantly augment the disruptive reach of their malware. Reusing an existing capability shortens the development cycle for the malware and also shrinks its detection footprint against conventional means of detection, since the borrowed component is not unique to the malware itself.
For more information, you can stay in touch with our weekly blog posts or you can reach out to us here.
The following segments must be on high alert in the coming weeks:
- Critical Infrastructure
- Oil and gas
- Water and water treatment
- Utility treatment facilities
- Financial services