SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Infamous Russian state-sponsored actor launches new campaign in Ukraine
Description: Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The campaign, part of an ongoing espionage operation observed as recently as August 2022, aims to deliver information-stealing malware to Ukrainian victim machines and makes heavy use of multiple modular PowerShell and VBScript (VBS) scripts as part of the infection chain. The infostealer is a dual-purpose malware that includes capabilities for exfiltrating specific file types and deploying additional binary and script-based payloads on an infected endpoint. This campaign aligns with Gamaredon’s established pattern of targeting Ukraine since Russia’s invasion.
References:
- https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html
Snort SIDs: 60517 - 60539

Title: Microsoft warns of zero-day affecting all versions of Windows
Description: Microsoft is warning of a zero-day vulnerability affecting all versions of Windows, which the company disclosed last week as part of Patch Tuesday. Since the initial disclosure, the U.S. Cybersecurity and Infrastructure Security Agency has warned federal agencies to patch the vulnerability in the Windows Common Log File System Driver as soon as possible. CVE-2022-37969 could enable an attacker to obtain SYSTEM-level privileges, which could be used to make changes on the targeted device or to carry out follow-on attacks. Microsoft warned that users running Windows 11 and earlier, as well as Windows Server 2008 and Windows Server 2012, are affected.
References:
- https://techcrunch.com/2022/09/14/microsoft-zero-day-windows/
Snort SIDs: 60555 - 60558