https://twitter.com/USCERT_gov/status/1593329619452796930?s=20&t=K3QoVv0HR8hDyXMB9KQSfA

1. whois

US-CERT @USCERT_gov

📢 @CISAgov, @FBI & @HHSGov published a #cybersecurity advisory detailing how #HiveRansomware is being used to target the business, #healthcare, #publichealth & critical infrastructure sectors. Review the #TTPs & #IOCs at https://go.dhs.gov/ZP6

Alert (AA22-321A) #StopRansomware: Hive Ransomware Original release date: November 17, 2022 https://www.cisa.gov/uscert/ncas/alerts/aa22-321a

Summary

Actions to Take Today to Mitigate Cyber Threats from Ransomware:

• Prioritize remediating known exploited vulnerabilities.
• Enable and enforce multifactor authentication with strong passwords.
• Close unused ports and remove any application not deemed necessary for day-to-day operations.

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.

FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents. Victims of ransomware operations should report the incident to their local FBI field office or CISA.

    CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability
    CVE-2021-34473 - Microsoft Exchange Server Remote Code Execution Vulnerability
    CVE-2021-34523 - Microsoft Exchange Server Privilege Escalation Vulnerability

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide November 18, 2022 https://thehackernews.com/2022/11/hive-ransomware-attackers-extorted-100.html

"Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and intelligence authorities said in an alert.


Moin2Qmail: Security/ransomware/Hive (last edited 2022-11-27 08:30:01 by ToshinoriMaeno)