CERT mailing list archives
ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Mon, 22 Jun 2020 16:16:02 +0000
Cybersecurity and Infrastructure Security Agency Logo National Cyber Awareness System: ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises [ https://www.us-cert.gov/ncas/current-activity/2020/06/22/acsc-releases-advisory-cyber-campaign-using-copy-paste-compromises ] 06/22/2020 09:00 AM EDT Original release date: June 22, 2020 The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving copy-paste compromises targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious cyber actor is carrying out the campaign using open-source code that exploits known remote code execution vulnerabilities and spearphishing attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the tactics, techniques, and procedures and mitigations identified in ASCS Advisory 2020-008 [ https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks ] as well as: * CISA Security Tip: Questions Every CEO Should Ask About Cyber Risks [ https://www.us-cert.gov/ncas/tips/ST18-007 ] * CISA Security Tip: Understanding Patches and Software Updates [ https://www.us-cert.gov%20https://www.us-cert.gov/ncas/tips/ST04-006 ] * CISA Security Tip: Supplementing Passwords [ https://www.us-cert.gov%20https://www.us-cert.gov/ncas/tips/ST05-012 ] This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ https://www.dhs.gov/privacy-policy ] policy. body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: #333333; } ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises US-CERT (Jun 22)