Secureworks incident responders investigated a long-running intrusion that involved compromises of SharePoint and Exchange servers and multiple web shells with links to Iranian threat groups. Read More
Leveraging a consistent set of tested principles increases the effectiveness and value of threat hunts, providing greater insight of the organization’s environment and improving subsequent detections of malicious activity. Read More
Commonalities revealed during multiple Secureworks incident response engagements provided insights into the GOLD WINTER threat group’s tactics, techniques, and procedures. Read More
Threat actors can abuse legitimate and even verified OAuth applications to conduct phishing attacks. Secureworks has developed the PhishInSuits tool to enable organizations to simulate these attacks and improve defenses. Read More
The targeted organizations are likely of interest to foreign intelligence services, suggesting the intent is espionage. The campaign may be linked to the threat group responsible for the 2020 SolarWinds supply chain attack. Read More
In various incidents, including Darkside and Snatch ransomware operations, threat actors leveraged Tor and Onion Services to create backdoors that gave them ongoing access to compromised networks. Read More
By leveraging a weak password and the ability to forward ports, an unauthenticated attacker could remotely execute code on systems running SonicWall Email Security Appliance versions through 10.0.2. Read More
The availability of up-to-date asset inventories and network diagrams, particularly for critical systems, can improve the efficiency and effectiveness of incident response and recovery efforts. Read More
Similarities between the SUPERNOVA activity and a previous compromise of the network suggest that SPIRAL was responsible for both intrusions and reveal information about the threat group. Read More
