US-CERT - TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

Started by Netwörkheäd, March 09, 2018, 12:02:20 PM


Netwörkheäd

TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

Original release date: October 20, 2017 | Last revised: October 23, 2017

         

Systems Affected


         
  • Domain Controllers
  • File Servers
  • Email Servers
         
         

Overview


         

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners, DHS and FBI identified victims in these sectors. This report contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims' networks.

DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign. The intent of this product is to educate network defenders and enable them to identify and reduce exposure to malicious activity.

For a downloadable copy of IOC packages

Let's not argue. Let's network!