CyberWire Daily

CISA Alert AA22-249A – #StopRansomware: Vice Society. [CISA Cybersecurity Alerts]

N2K Networks, Inc.


🗓️ 6 September 2022

⏱️ 4 minutes


Summary

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center, or MS-ISAC, are releasing this advisory to disseminate indicators of compromise and TTPs associated with Vice Society actors and their ransomware campaigns. The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks.

AA22-249A Alert, Technical Details, and Mitigations

Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.

No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].

Transcript


0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA Cybersecurity Alert.

0:14.0

ID number Alpha Alpha 22 TAC-249 Alpha,

0:20.0

Original release date, September 6, 2022.

0:24.0

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center,

0:32.0

or MS-ISAC, are releasing this advisory to disseminate

0:35.1

indicators of compromise and TTPs associated with Vice Society actors and their ransomware campaigns.

0:41.5

The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors

0:45.6

disproportionately targeting the education sector with ransomware attacks.

0:50.4

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021.

0:57.0

Vice Society actors do not use a ransomware variant of unique origin.

1:01.0

Instead, the actors have deployed versions of HelloKitty, FiveHands, and Zeppelin ransomware

1:06.0

and may deploy other variants.

1:08.0

Vice Society actors obtain initial network access through compromised credentials by exploiting internet-facing applications.

1:14.8

Vice Society actors have been observed exploiting the PrintNightmare vulnerability to escalate privileges.

1:19.9

Prior to deploying ransomware, the actors spend time exploring the network, identifying opportunities

1:24.8

to increase accesses, and exfiltrating data for double extortion. Vice Society actors have

1:29.8

been observed using a variety of tools, including SystemBC, PowerShell Empire, and Cobalt

1:34.7

Strike for lateral movement.

1:36.8

They have also used living-off-the-land techniques targeting the legitimate Windows

1:40.2

Management Instrumentation service and tainting shared content.

1:44.0

Over the past several years, the education sector, especially K through 12 institutions,

...
