In this blog post we cover a widespread phishing campaign Recon recently observed targeting multiple customers. This post is not meant to be highly technical; instead, it walks through how these attacks unfold while still giving defenders and organizations some tools to defend against them.
Recently, our team was asked to provide training for an operational military Cyber Protection Team (CPT). This unit, and many others, are working remotely due to the current global situation but still need a way to provide cutting-edge training to keep their operators sharp and mission-ready. This was a particularly important engagement to the team at Recon as we are a team composed heavily of veterans and current members of Reserve/National Guard components.
US-CERT posted a new Tactical Alert (TA18-106A) based on a combined intelligence effort between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). It provided an alert on network devices being exploited by Russian state-sponsored actors. Network device targets include but are not limited to government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors. The TA outlines details on the tactics, techniques, and procedures (TTPs) used by Russian state actors. The purpose of the TA was to inform the public about the Russian government campaign.