DigiByte Security

Digital forensics, Incident Response, Security Controls Assessments, and V-CISO

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog 07/27/2023

This article was published in May of this year, but it's new to me. Sharing for expanded awareness as it covers many topics beneficial to DFIR and cybersecurity.

👉 Volt Typhoon is categorized as a state-sponsored actor based in China that typically focuses on espionage and information gathering.

👉 Threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity.

👉 Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations.

👉 National Security Agency (NSA) has also published a Cybersecurity Advisory - hyperlink to PDF is contained in the article.

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.

06/24/2021

https://www-cybcube-com.cdn.ampproject.org/c/s/www.cybcube.com/news/ransomware-cartels-using-new-tactics-to-extort-money?hs_amp=true

Ransomware cartels using new tactics to extort money Gangs of cyber criminals, organising themselves along the lines of drug cartels, are changing the ‘rules’ of ransomware attacks to keep ahead of the authorities’ efforts to thwart their activities. That’s the conclusion of a new report by leading cyber analytics expert CyberCube.

Free Resources | SimplyCyber 05/20/2021

Free Resources | SimplyCyber free cyber resources from around the internet

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware 04/04/2021

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security 01/30/2021

https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security Our continued investigation into the Solorigate attack has uncovered new details about the handover from the Solorigate DLL backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others).

Best Places to Work 01/14/2021

Here's another "Best Places" to work published by Glassdoor!

Best Places to Work Employees have spoken! Here are the Best Places to Work in 2021, according to employees. Did your company make it?

100 Best Places To Work In San Francisco 2021 | Built In San Francisco 01/12/2021

Interested in a new chapter? Maybe one of these companies will be a good fit!

100 Best Places To Work In San Francisco 2021 | Built In San Francisco Built In San Francisco’s Best Places to Work in San Francisco list ranks the startups and tech companies with the best employee benefits and salary in 2021. Did your company make the list?

SUNBURST Additional Technical Details 01/11/2021

https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html

SUNBURST Additional Technical Details FireEye has discovered additional details about the SUNBURST backdoor used in a global intrusion campaign by a sophisticated actor we are tracking as UNC2452.

REvil aka Sodinokibi Ransomware Operator interview — English Version 01/10/2021

https://sapphirex00.medium.com/revil-aka-sodinokibi-ransomware-operator-interview-english-version-a5cb3e52ff2

REvil aka Sodinokibi Ransomware Operator interview — English Version For a long time the World has been hearing the ransomware word a lot since Wannacry and still today many hosts for different reasons are…

SolarWinds: What It Means & What’s Next 12/24/2020

SolarWinds attack - What it is and what's to come.

Google blames Gmail, YouTube outage on error in user identification system 12/21/2020

Anyone else impacted by this glitch?

Google blames Gmail, YouTube outage on error in user identification system On Tuesday, Google's Gmail service had another disruption. The company attributed this to an issue with data migration.

cyber.dhs.gov - Emergency Directive 21-01 12/14/2020

More on the SolarWinds code compromise....

cyber.dhs.gov - Emergency Directive 21-01 A site for cybersecurity directives and implementation guidance, from the Cybersecurity and Infrastructure Security Agency.

Address


Phoenix, AZ
85210