ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises [ 
https://www.us-cert.gov/ncas/current-activity/2020/06/22/acsc-releases-advisory-cyber-campaign-using-copy-paste-compromises
 ] 06/22/2020 09:00 AM EDT 
Original release date: June 22, 2020

The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving 
copy-paste compromises targeting Australian government and commercial networks. According to the advisory, a 
sophisticated malicious cyber actor is carrying out the campaign using open-source code that exploits known remote code 
execution vulnerabilities and spearphishing attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the tactics, 
techniques, and procedures and mitigations identified in ASCS Advisory 2020-008 [ 
https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks
 ] as well as:


  * CISA Security Tip: Questions Every CEO Should Ask About Cyber Risks [ https://www.us-cert.gov/ncas/tips/ST18-007 ] 
  * CISA Security Tip: Understanding Patches and Software Updates [ 
https://www.us-cert.gov%20https://www.us-cert.gov/ncas/tips/ST04-006 ] 
  * CISA Security Tip: Supplementing Passwords [ https://www.us-cert.gov%20https://www.us-cert.gov/ncas/tips/ST05-012 ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]