In response to the recent attacks by APT29, the FBI and Department of Justice have seized two domains that were linked to spearphishing campaigns. According to Microsoft, the actors included a modified HTML document that embedded an ISO file; the contents of the ISO varied and, when it was mounted, included either an RTF document or an LNK file, both of which would execute the Cobalt Strike Beacon. APT29 is attributed to the Russian Federation’s SVR and was also named by government agencies and private security firms as the group responsible for the SolarWinds supply-chain attacks in 2020.