[CDP-development] CISA and Partners Publish Cyber Advisory on Increased Truebot Activity

Masse, Theresa theresa.masse at cisa.dhs.gov
Thu Jul 6 09:45:53 PDT 2023 

FYSA



As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), “Increased Truebot Activity Infects U.S. and Canada Based Networks<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a>,” to help organizations detect and protect against newly identified Truebot malware variants.



As recently as May 2023, cyber threat actors have been observed using new malware variants of Truebot (also known as Silence Downloader) to collect and exfiltrate information from its target victims. Newer versions of Truebot malware allow malicious actors to gain initial access through exploiting a known vulnerability with Netwrix Auditor application (CVE-2022-3119). When exploited, actors can execute remote code and achieve lateral movement, thus, spreading the malware to collect and exfiltrate information within the compromised environment.



All organizations are recommended to review the advisory and implement recommended mitigations that can help reduce the impact and risk of compromise by ransomware or data extortion actors. Some of the recommended mitigations include mandating phishing-resistant multifactor authentication and apply vendor patches—as applicable to Netwrix Auditor.



Also, organizations are reminded to visit StopRansomware.gov<https://cisa.gov/stopransomware> which provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware.



Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D9AFEE.97AC77C0]






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230706/aa24256d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230706/aa24256d/attachment-0001.png>

More information about the CDP-development mailing list