
Talos Intelligence review of Nyetya and the M.E.Doc compromise
Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack.  They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software.  This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.
security  malware  nyetya  notpetya  medoc  talos  ransomware 
19 days ago by jm
