In response to the recent attacks by APT29, the FBI and Department of Justice have seized two domains that were linked to spearphishing campaigns. According to Microsoft, the actors embedded an ISO file inside a modified HTML document; once the ISO was mounted, its contents varied to include either an RTF document or an LNK file, either of which would execute the Cobalt Strike Beacon. APT29 is attributed to the Russian Federation’s SVR and was also named by government agencies and private security firms as the group responsible for the SolarWinds supply-chain attacks in 2020.
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is