Heightened Cybersecurity Resource Center

Another Wiper Malware Targeted Enterprises in Ukraine #DoubleZero

Enterprises in Ukraine were targeted by another wiper malware. Dubbed "DoubleZero," the malware was distributed in a zip archive and destroys the compromised machine by overwriting files and deleting registry keys.

Joint CyberSecurity Advisory Alert on "PrintNightmare” Vulnerability and Default MFA Protocols Exploited by Russian State-Sponsored Cyber Actors

Russian state-sponsored cyber actors have gained network access to a non-governmental organization (NGO) through exploitation of default Multi-Factor Authentication (MFA) protocols and the "PrintNightmare" vulnerability (CVE-2021-34527).

Additional Wiper Malware Deployed in Ukraine #CaddyWiper

A new wiper malware, dubbed CaddWiper, has been observed in the wild attacking Ukrainian interests. Preliminary analysis reveals that it erases user data and partition information from attached drives. This is a breaking news event. More information will be added when relevant updates are available.

MicroBackdoor Used in Attacks Against Ukraine Organizations

CERT-UA reports that Ukrainian organizations are under cyberattacks that aim to install a publicly available backdoor named "MicroBackdoor." The cyberattacks are attributed to APT group "UAC-0051", a group who has reportedly acted for Belarusian government's interests in the past.

Fake Purchase Order Used to Deliver Agent Tesla

FortiGuard Labs recently came across a phishing e-mail masquerading as a purchase order addressed to a Ukrainian manufacturing organization. The e-mail contained a PowerPoint attachment that is in reality a sophisticated, multi-stage effort to deploy the Agent Tesla RAT (Remote Access Trojan).

Remote Utilities Software Distributed in Ukraine via Fake Evacuation Plan Email

A copy of Remote Manipulator System (RMS) was submitted from Ukraine to VirusTotal with the file name roughly translated to "Evacuation Plan (approved by the SSU)". The RMS is a legitimate remote administration tool that allows a user to remotely control another computer.

Defense Against Wiper Malware Attacks

On Feb 23rd, numerous Ukrainian organizations were targeted with attacks employing ‘KillDisk’ or ‘HermeticWiper’ malware, which appears to have no adversarial purpose other than to irreparably destroy data on an endpoint. This article highlights how FortiEDR detects and blocks behavior associated with this wiper activity and how to ensure that FortiEDR is configured to offer these protections.

Nobelium Returns to the Political Stage

FortiGuard Labs has uncovered evidence that the Nobelium group is impersonating someone associated with the Turkish embassy in targeted email-based attacks. We will be analyzing one such attack that uses Omicron/Covid-19 as a lure.

New Wiper Malware Discovered Targeting Ukrainian Interests

FortiGuard Labs is aware of new wiper malware observed in the wild attacking Ukrainian interests. Various estimates indicate that the malware wiper has been installed on several hundreds of machines within the Ukraine.

Incident Readiness Subscription Service

To help you navigate this situation effectively, our Incident Readiness Subscription Service assists customers with a rapid and effective response when an incident is detected but also helps you better prepare for an unforeseen cyber incident through Readiness Assessments, IR Playbook Development and IR Playbook testing (Tabletop Exercises).

Ukraine Crisis Cyber Readiness Checklist

As Russian military forces have operations started in Ukraine, the question of, whether cyber warfare will also be deployed stays unanswered. However, our focus is to keep our customers safe and help them prepare for further cyber-attacks. For that, we put together this readiness checklist.

The Art of War (and Patch Management)

"Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak -- to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity…"

Fortinet Cyber Threat Assessment

Secure network architectures need to constantly evolve to keep up with the latest advanced persistent threats. There are two ways to find out if your solution isn’t keeping up—wait for a breach to happen or run validation tests.

Global Threat Landscape Report 2H 2021

The findings in this report represent the collective intelligence of FortiGuard Labs, drawn from a vast array of network sensors collecting billions of threat events each day observed in live production environments around the world.

Cyber Threat Predictions for 2022

But our challenge going forward is far more than just the rising number of attacks. We are also seeing an increase in attacks on high-profile targets, including the supply chain attack on SolarWinds and the disruption of Colonial Pipeline and JBS Meats, which affect thousands of organizations and millions of people who have nothing to do with IT.