CISA Releases Five Industrial Control Systems Advisories on 04/10/2022 at 11:00 am
Original release date: October 4, 2022CISA has released five (5) Industrial Control Systems (ICS) advisories on October 04, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:
• ICSA-22-277-01 Johnson Controls Metasys ADX Server
• ICSA-22-277-02 Hitachi Energy Modular Switchgear Monitoring
• ICSA-22-277-03 Horner Automation Cscape
• ICSA-22-277-04 Omron CX-Programmer
• ICSMA-22-277-01 BD Totalys MultiProcessor
This product is provided subject to this Notification and this Privacy & Use policy.
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization on 04/10/2022 at 4:58 pm
Original release date: October 4, 2022CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. ATP actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.
Joint Cybersecurity Advisory AA22-277A provides the APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.
This product is provided subject to this Notification and this Privacy & Use policy.
AA22-277A: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Original release date: October 4, 2022 Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on network assets. • Audit account usage. […]