• CISA Warns of Hurricane/Typhoon-Related Scams
• CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”
_________________________________________________
CISA Warns of Hurricane/Typhoon-Related Scams
Situation:
CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon.
Problem:
Attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs).
Implication:
Disaster victims will be more susceptible to having their information or money stolen.
Need:
We encourage users to exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events.
Additional Resources:
Staying Alert to Disaster-related Scams: (Link)
Before Giving to a Charity: (Link)
Using Caution with Email Attachments: (Link)
Avoiding Social Engineering and Phishing Attacks: (Link)
____________________________________________________________________
CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”
Situation:
CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor.
Problem:
PRC cyber actors use techniques called “living off the land” to evade detection, relying on built-in network administration tools to compromise networks and conduct malicious activity.
Implication:
This enables the cyber actor to blend in with routine Windows system and network activities, limit activity and data captured in default logging configurations, and avoid endpoint detection and response (EDR) products that could alert to the introduction of third-party applications on the host or network.
Need:
We encourage network defenders to use the actor’s commands and detection signatures provided in this advisory and to view the indicators of compromise (IOCs) and mitigations summaries to detect this activity.
Additional Resources:
CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land” (Link)
People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Link)