[CDP-development] :: ALERT :: information from the ORKIC group via CSS SOC
CSS Security Operations Services * DAS
css-soc-services at das.oregon.gov
Wed Mar 27 11:49:00 PDT 2024
This information has been reported by Richard Thomas (richard.thomas at lblesd.k12.or.us). If you have questions or concerns, please reach out to Richard via the email address provided.
From Richard:
- We have had a malicious attack using a very well known education listserv.
- The district involved has been working with CISA.
- CISA are recommending full reimage for any device with access.
- CISA has also reported that they have seen this attack in other sectors as well.
IOCs:
10ee6218481850701761c89def0c6d2239552cb051450b4dd669713eab5e7779 sha256
bc1qr4pajz0dg0s3dd3gc9mx0s0[.]com
185[.]216[.]70[.]216
Invoice 65952.html
transb[@]transbrandao[.]com
Thanks,
BRIAN GOERGEN, CISSP
Security Analyst III | Security Operations Center
Team Lead | Detection & Response
Enterprise Information Services | Cyber Security Services (CSS)
Phone: (503)507-4183 | Hotline: (503) 378-5930
"Ensuring accessible, reliable and secure state technology systems that serve Oregonians."