home.social

#forestblizzard — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #forestblizzard, aggregated by home.social.

  1. 📢 Russian-linked #ForestBlizzard hackers hijack home routers for global surveillance, as Microsoft warns that thousands of devices are compromised to intercept traffic and sensitive data.

    Read: hackread.com/russian-forest-bl

    #CyberSecurity #Hacking #Russia #FancyBear #Routers

  2. Good day everyone!

    The Microsoft Threat Intel team has recently dropped some new #ForestBlizzard TTPs and behaviors! They take a look at the malware the group used, named GooseEgg, and reveal how it set up a scheduled task for persistence calling on a batch file named servtask.bat. Find much more information in the article, but I am not going to spoil it! Enjoy and Happy Hunting!

    microsoft.com/en-us/security/b

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting

  3. This analysis of #APT28 aka #ForestBlizzard methodology is being reported all over as though it were special. And while it may be "unique" to the group, it's just...not that special.

    Everything I see here should be detected by modern standard defenses. This attack chain doesn't even read like an APT to me; it reads like a cybercrime group.

    What am I missing?

  4. Microsoft reported that APT28 (Fancy Bear, Forest Blizzard) used a custom tool to elevate privileges and steal credentials in compromised networks. This GooseEgg tool leveraged CVE-2022-38028 (7.8 high, disclosed 11 October 2022 by Microsoft; Windows Print Spooler Elevation of Privilege Vulnerability) as a zero-day since at least June 2020 (possibly as early as April 2019) which was 2 years 4 months. APT28 is publicly attributed to Russian General Staff Main Intelligence Directorate (GRU). IOC provided. 🔗 microsoft.com/en-us/security/b

    cc: @serghei @campuscodi @briankrebs @jwarminsky

    #APT28 #cyberespionage #Russia #FancyBear #ForestBlizzard #CVE_2022_38028 #eitw #activeexploitation #GooseEgg

  5. #Microsoft, #OpenAI say #US rivals use artificial intelligence in hacking
    Microsoft says #Russia, #China, #Iran and #NorthKorea have all used #AI to improve their abilities

    From their report they say they are spying on users:
    In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as #ForestBlizzard, #EmeraldSleet, #CrimsonSandstorm, #CharcoalTyphoon, and #SalmonTyphoon—using #LLM to augment cyberoperations.
    washingtonpost.com/technology/

  10. #FBI Dismantles #Ubiquiti Router Botnet Controlled by #Russia
    “Non-GRU cybercriminals installed the Moobot malware on Ubiquiti #EdgeOS routers that still used publicly known default administrator #passwords. #GRU hackers then used the #Moobot #malware to install their own bespoke scripts and files that repurposed the botnet, turning it into a global cyber #espionage platform,” agency said
    securityweek.com/fbi-dismantle #ForestBlizzard #Sofacy #FancyBear #APT28

    Please patch and change #defaultpasswords
