SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Chinese APT using new version of PlugX malware
Description: The Chinese state-sponsored actor Bronze President (aka Mustang Panda) recently started deploying a new version of the PlugX malware in several espionage campaigns. Security researchers say the group is actively targeting the Russian military. The group sends targets a decoy document purporting to relate to the Russian military; opening it eventually downloads a malicious DLL that loads an updated version of PlugX, a remote access Trojan (RAT) previously associated with Bronze President. This group is known to have previously targeted Asian countries with its malware, so this shift is particularly surprising given that China is a military ally of Russia and has yet to strongly condemn the country’s invasion of Ukraine. Once installed, PlugX can remotely monitor and access the targeted machine.
References: https://www.darkreading.com/threat-intelligence/chinese-apt-bronze-president-spy-campaign-russian-military
Snort rules: 59622 - 59625
Title: Cisco patches vulnerabilities in ASA, FTD
Description: Cisco disclosed and patched several vulnerabilities in some of its most notable security systems — Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD) and Firepower Management Center (FMC). Of the 19 vulnerabilities fixed earlier this week, 11 are of high severity. CVE-2022-20746 is the most serious of the group, with a severity score of 8.8 out of 10. It is an issue in FTD that exists because the software doesn’t properly handle TCP flows. An unauthenticated attacker could exploit this vulnerability to cause a denial of service. In its disclosure of the vulnerabilities, Cisco said it was not aware of any active attempts to exploit them.
References: https://www.securityweek.com/cisco-patches-11-high-severity-vulnerabilities-security-products
SNORT® SIDs: 59654, 59658 – 59663 and 59668