今日威胁情报2021/1/6-9(第337期）

TI.360.CN

高级威胁分析

1、【牛逼报告】来自recordedfuture的报告，研究攻击者恶意远控C2节点和网络基础相关情报。价值极高的报告

https://www.recordedfuture.com/2020-adversary-infrastructure-report/

https://go.recordedfuture.com/hubfs/reports/cta-2021-0107.pdf

2、Earth Wendigo的新活动，该活动一直针对台湾的多个组织-自2019年5月以来，旨在通过将JavaScript后门注入台湾广泛使用的Webmail系统中，从目标组织中窃取电子邮件。

https://www.trendmicro.com/en_us/research/21/a/earth-wendigo-injects-javascript-backdoor-to-service-worker-for-.html

3、Retrohunting APT37：朝鲜APT使用VBA自解码技术注入RokRat

https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/

4、APT-C-41 ,StrongPity APT借助新的基础架构扩展了全球覆盖范围

https://cybleinc.com/2020/12/31/strongpity-apt-extends-global-reach-with-new-infrastructure/

5、朝鲜APT 组织利用私人股票投资工具做软件供应链攻击

https://blog.alyac.co.kr/3489

6、TA551攻击分析。没啥亮点

https://unit42.paloaltonetworks.com/ta551-shathak-icedid/

7、FIN7 JSSLOADER的演变

https://blog.morphisec.com/the-evolution-of-the-fin7-jssloader

技术分享

1、NSA 分享工具，看看哪些TLS有问题。

https://github.com/nsacyber/Mitigating-Obsolete-TLS

https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2462345/nsa-releases-eliminating-obsolete-transport-layer-security-tls-protocol-configu/

漏洞相关

0、PsExec中的本地特权升级0day

https://blog.0patch.com/2021/01/local-privilege-escalation-0day-in.html

1、罗克韦尔自动化RSLinx中的拒绝服务漏洞

https://blog.talosintelligence.com/2021/01/vuln-spotlight-denial-rockwell-automation-jan-2021.html

2、致远OA 文件上传漏洞通告

https://cert.360.cn/warning/detail?id=dd60abf4d293b5031d11e17a38a6b547

3、FortiWeb 多个高危漏洞安全通告

https://cert.360.cn/warning/detail?id=6a0e456cd5ec4a25f7f61a036de7e9a7

4、CVE-2020-17518/17519：Apache Flink 目录遍历漏洞

https://cert.360.cn/warning/detail?id=b985a81d0fbcfd531a686a4c2d56d489

5、配合物理攻击工具，CVE-2021-3011，该漏洞会影响Google Titan和YubiKey硬件安全密钥中使用的芯片，以绕过2FA程序。

https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

数据泄露

1、日产git源码泄露

https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/

网络战与网络情报

1、Dutch policy debate on 5G spectrum is in deadlock: telco’s and military intelligence have opposing legitimate interests in 3.5GHz band

https://blog.cyberwar.nl/2018/06/dutch-policy-debate-on-5g-spectrum-is-in-deadlock-telcos-and-military-intelligence-have-opposing-legitimate-interests-in-3-5ghz-band/

2、SolarWinds对拉脱维亚网络空间的影响

https://cert.lv/lv/2021/01/apjomiga-incidenta-solarwinds-ietekme-uz-latvijas-kibertelpu

https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure

3、SolarWinds Compromise: Cyber Unified Coordination Group Forms and Points Finger at Russia

https://news.clearancejobs.com/2021/01/06/solarwinds-compromise-cyber-unified-coordination-group-forms-and-points-finger-at-russia/

4、美国国务卿蓬佩奥（Mike Pompeo）本周批准了网络空间安全和新兴技术局（CSET）的成立。

5、英国创建的国家网络部队（NCF）

https://www.iiss.org/blogs/analysis/2020/11/uk-national-cyber-force

6、你看看那人家这办事儿态度！学习了！

https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html

7、美国DOD对供应链安全的持续手段，将供应链下游公司的安全要求纳入了与美国国防部的合同中。

https://www.nextgov.com/cybersecurity/2021/01/cmmc-dramatic-year-pentagons-contractor-cybersecurity-program/171084/

本文始发于微信公众号（ThreatPage全球威胁情报）：今日威胁情报2021/1/6-9(第337期）