CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors leveraged the malware through phishing campaigns containing malicious redirect hyperlinks.
Additionally, newer versions of Truebot malware allow malicious actors to gain initial access by exploiting a known vulnerability with Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber threat actors used this common vulnerability and exposure to deliver new Truebot malware variants and to collect and exfiltrate information against organizations in the U.S. and Canada.
CISA, FBI, MS-ISAC, and the CCCS encourage all organizations to review this joint advisory and implement the recommended mitigations contained therein—including applying patches to CVE-2022-31199, to reduce the likelihood and impact of Truebot activity, as well as other ransomware related incidents. To report incidents and anomalous activity, please contact one of the following organizations:
CISA, either through the agency’s online tool (cisa.gov/report) or the 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
FBI via a local field office.
State, local, tribal, and territorial (SLTT) government entities can report to the MS-ISAC (SOC@cisecurity.org or 866-787-4522).
Organizations are also encouraged to visit StopRansomware.gov—which provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware, and contains an updated Joint #StopRansomware Guide.
CISA Releases Three Industrial Control Systems Advisories
CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:
ICSA-23-187-01 PiiGAB M-Bus
ICSA-23-187-02 ABUS TVIP
ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update A)
Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR
Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Security Vulnerabilities fixed in Firefox 115 Mozilla Foundation Security Advisory 2023-24
Security Vulnerabilities fixed in Firefox ESR 102.13 Mozilla Foundation Security Advisory 2023-23
Security Vulnerabilities fixed in Thunderbird 102.13 Mozilla Foundation Security Advisory 2023-22
Increased Truebot Activity Infects U.S. and Canada Based Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States […]