Original release date: January 16, 2022
Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2019-19006 Sangoma FreePBX Improper…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s)…
This website uses cookies.