At a glance.
- Joint warning on Zeppelin ransomware.
- Update on the DoNot Team, APT-C-35.
- Rewards for Justice offers $10 million for information on Conti operators.
- The optempo of the war's cyber phase, and how Ukraine has responded.
- Organizing and equipping hacktivists.
- CISA issues twenty-eight ICS security advisories.
Joint warning on Zeppelin ransomware.
The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory on Zeppelin ransomware. Developed from the Delphi-based Vega malware family, Zeppelin is a ransomware-as-a-service offering that's used "to target a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries." It gains access to its victims either through phishing or by RDP exploitation of known SonicWall firewall vulnerabilities. Zeppelin is typically used in double-extortion attacks, in which files are exfiltrated before they are encrypted, adding the threat of doxing to the denial of access to data. The advisory includes a comprehensive list of indicators of compromise as well as recommended mitigations.