Updated Resources Section and Monthly reports

2023-03-14 13:58:12 -04:00 · 2023-03-14 13:58:12 -04:00 · c4c1daca16
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@
 Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. ([Blog](https://www.curatedintel.org/2021/08/welcome.html) | [Twitter](https://twitter.com/CuratedIntel) | [LinkedIn](https://www.linkedin.com/company/curatedintelligence/))

 ### `Resources`
-  - ### Timeline of Threat Reports
+  - ### Timeline of 2022 Threat Reports
    - #### [`January Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/January.md)
    - #### [`February Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/February.md)
    - #### [`March Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/March.md)
@ -13,6 +13,13 @@ Curated Intelligence is working with analysts from around the world to provide u
    - #### [`June Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/June.md)
    - #### [`July Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/July.md)
    - #### [`August Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/August.md)
+    - #### [`September Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/September.md)
+    - #### [`October Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/October.md)
+    - #### [`November Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/November.md)
+    - #### [`December Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/December.md)
+  - ### Timeline of 2023 Threat Reports
+    - #### [`January Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/January2023.md)
+    - #### [`February Threat Reports`](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/Threat%20Reports/February2023.md)

  - #### Vendor Support
  - #### Vetted OSINT Sources 
--- a/Reports/December.md
+++ b/Reports/December.md
@ -0,0 +1,16 @@
+#### `December Threat Reports`
+| Date | Source | Threat(s) | URL |
+| --- | --- | --- | --- |
+| 2 December | PWC | Blue Callisto orbits around US Laboratories in 2022 | [pwc.com](https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html) |
+| 5 December | Recorded Future | Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations | [recordedfuture.com](https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations) |
+| 5 December | Sekoia | Calisto show interests into entities involved in Ukraine war support | [sekoia.com](https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/) |
+| 10 December | Mandiant | Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | [mandiant.com](https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government) |
+| 12 December | Carnegie Endowment | Cyber Operations in Ukraine: Russia’s Unmet Expectations | [carnegieendowment.org](https://carnegieendowment.org/2022/12/12/cyber-operations-in-ukraine-russia-s-unmet-expectations-pub-88607) |
+| 16 December | Carnegie Endowment | Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications | [carnegieendowment.org](https://carnegieendowment.org/2022/12/16/russia-s-wartime-cyber-operations-in-ukraine-military-impacts-influences-and-implications-pub-88657) |
+| 19 December | Carnegie Endowment  | What the Russian Invasion Reveals About the Future of Cyber Warfare | [carnegieendowment.org](https://carnegieendowment.org/2022/12/19/what-russian-invasion-reveals-about-future-of-cyber-warfare-pub-88667) |
+| 20 December | Unit42 | Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine| [unti42.paloaltonetworks.com](https://unit42.paloaltonetworks.com/trident-ursa/) |
+| 26 December | Telegraph | German double agent ‘passed Ukraine intelligence to Russia’ | [telegraph.co.uk](https://www.telegraph.co.uk/world-news/2022/12/26/german-double-agent-passed-uk) |
+| 30 December | Ukrainian Govt | CERT-UA has processed over 2,000 cyberattacks against Ukraine year to date| [cip.gov.ua](https://cip.gov.ua/en/news/cert-ua-vid-pochatku-roku-opracyuvala-bilshe-dvokh-tisyach-kiberatak-na-ukrayinu) |
+
+
+
--- a/Reports/February2023.md
+++ b/Reports/February2023.md
@ -0,0 +1,5 @@
+#### `February Threat Reports`
+| Date | Source | Threat(s) | URL |
+| --- | --- | --- | --- |
+| 8 FEB | Symantex | Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine | [symantec-enterprise-blogs.security.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nodaria-ukraine-infostealer)|
+
--- a/Reports/January2023.md
+++ b/Reports/January2023.md
@ -0,0 +1,18 @@
+
+#### `January Threat Reports`
+| Date | Source | Threat(s) | URL |
+| --- | --- | --- | --- |
+| 3 JAN | @prodaft| UNC1151, a state-sponsored threat actor attacking NATO countries, has recently increased its activities. As per PRODAFT’s usual, we are actively monitoring them and sharing our findings with relevant authorities. | [twitter.com/prodaft](https://twitter.com/prodaft/status/1610290523687862272?s=46&t=ODWeUVRef118ZQufOoINeA)|
+| 9 JAN | Politico| Kyiv argues Russian cyberattacks could be war crimes | [politico.eu](https://www.politico.eu/article/victor-zhora-ukraine-russia-cyberattack-infrastructure-war-crime/)|
+| 10 JAN | The Record| Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it | [therecord.media](https://therecord.media/pro-ukraine-hackers-leak-russian-data-in-hopes-someone-will-make-sense-of-it/)|
+| 11 JAN | Avast | DDosia Project: Volunteers Carrying out NoName(057)16’s Dirty Work | [decoded.avast.io](https://decoded.avast.io/martinchlumecky/ddosia-project/)|
+| 17 JAN | Ukrainian Govt | Study: Relations between cyberattacks, conventional attacks and information attacks in Ukraine  are in line with the russian concept of “hybrid warfare”| [cip.gov.ua](https://cip.gov.ua/en/news/doslidzhennya-zv-yazok-mizh-kiberatakami-konvenciinimi-ta-informaciinimi-atakami-v-ukrayini-vidpovidaye-rosiiskii-koncepciyi-gibridnoyi-viini)|
+| 19 JAN | Blackberry | Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations | [blogs.blackberry.com](https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations)|
+| 23 JAN | @sekoia_io | Gamaredon impersonating UA MoD to target Lithuania MoD | [twitter.com/sekoia_io](https://twitter.com/sekoia_io/status/1617536283081084928)|
+| 25 JAN | Reuters | Russian 'hacktivists' briefly knock German websites offline | [reuters.com](https://www.reuters.com/world/europe/russian-hacktivists-briefly-knock-german-websites-offline-2023-01-25/)|
+| 27 JAN | Team Cymru | A Blog with NoName - Further Insight into the Hacktivist Operation Targeting NATO and Affiliated Nations | [team-cymru.com](https://www.team-cymru.com/post/a-blog-with-noname)|
+| 27 JAN | @esetresearch | BREAKING On January 25th #ESETResearch discovered a new cyberattack in  Ukraine. SwiftSlicer  | [twitter.com/ESETresearch](https://twitter.com/ESETresearch/status/1618960022150729728)|
+| 29 JAN | Security Affairs | IT Army of Ukraine claims to have breached and leaded data from Gazprom in Russia | [securityaffairs.com](https://securityaffairs.com/141640/hacktivism/it-army-of-ukraine-hacked-gazprom.html)|
+| 31 JAN | ESET | APT ACTIVITY REPORT T3 2022 | [welivesecurity.com](https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf)|
+| 31 JAN | ESET | ESET Research: Russian APT groups, including Sandworm, continue their attacks against Ukraine with wipers and ransomware| [eset.com](https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-russian-apt-groups-including-sandworm-continue-their-attacks-against-ukraine-with-wipe/)|
+| 31 JAN | Ukrainian Govt | Another UAC-0100 Story | [scpc.gov.ua](https://scpc.gov.ua/api/docs/19b0a96e-8c31-44bf-863e-cd3e0b651f22/19b0a96e-8c31-44bf-863e-cd3e0b651f22.pdf)|
--- a/Reports/November.md
+++ b/Reports/November.md
@ -0,0 +1,11 @@
+#### `November Threat Reports`
+| Date | Source | Threat(s) | URL |
+| --- | --- | --- | --- |
+| 3 November | Carnegie Endowment | Evaluating the International Support to Ukrainian Cyber Defense | [carnegieendowment.org](https://carnegieendowment.org/2022/11/03/evaluating-international-support-to-ukrainian-cyber-defense-pub-88322) |
+| 14 November | CRDF Global | CRDF Global Becomes Platform for Cyber Defense Assistance Collaborative (CDAC) for Ukraine, Receives Grant from Craig  Newmark Philanthropies | [carnegieendowment.org](https://www.crdfglobal.org/news/crdf-global-becomes-platform-for-cyber-defense-assistance-collaborative-cdac-for-ukraine-receives-grant-from-craig-newmark-philanthtrellix.coropies/) |
+| 15 November | Trellix | Wipermania: An All You Can Wipe Buffet | [trellix.com](https://www.trellix.com/en-us/about/newsroom/stories/research/wipermania-an-all-you-can-wipe-buffet.html) |
+| 21 November | @esetresearch | On November 21st ESETResearch detected and alerted CERT_UA of a wave of ransomware we named RansomBoggs, deployed in multiple organizations in Ukraine. While the malware written in .NET is new, its deployment is similar to previous attacks attributed to #Sandworm. | [twitter.com/esetresearch](https://twitter.com/ESETresearch/status/1596181925663760386) |
+| 23 November | Trustwave | Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites | [trustwave.com](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/killnet-claims-attacks-against-starlink-whitehousegov-and-united-kingdom-websites/) |
+
+
+
--- a/Reports/October.md
+++ b/Reports/October.md
@ -0,0 +1,10 @@
+#### `October Threat Reports`
+| Date | Source | Threat(s) | URL |
+| --- | --- | --- | --- |
+| 10 October | Bleeding Computer | US airports' sites taken down in DDoS attacks by pro-Russian hackers (KillNet) | [bleepcomputer.com](https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/) |
+| 11 October | Fortinet | Ukrainian Military-Themed Excel File Delivers Multi-Stage Cobalt Strike Loader | [fortinet.com](https://www.fortinet.com/blog/threat-research/ukrainian-excel-file-delivers-multi-stage-cobalt-strike-loader) |
+| 13 October | Radware | Project DDOSIA Russia's answer to disBalancer | [radware.com](https://www.radware.com/security/threat-advisories-and-attack-reports/project-ddosia-russias-answer-to-disbalancer/) |
+| 14 October | Microsoft | New “Prestige” ransomware impacts organizations in Ukraine and Poland | [microsoft.com](https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/) |
+| 19 October | Intel471 | Pro-Russian Hacktivism and Its Role in the War in Ukraine | [intel471.com](https://intel471.com/blog/pro-russian-hacktivism-and-its-role-in-the-war-in-ukraine) |
+
+
--- a/Reports/September.md
+++ b/Reports/September.md
@ -1,9 +1,7 @@
-#### `August Threat Reports`
+#### `September Threat Reports`
 | Date | Source | Threat(s) | URL |
 | --- | --- | --- | --- |
-| 8 August | Gazeta | Gazeta ru published an interview with Killmilk, the founder of Killnet, who says he left the group to do riskier stuff | [gazeta.ru](https://www.gazeta.ru/tech/2022/08/07/15229652.shtml) |
-| 9 August | Yle | NBI launches probe into attack on Finnish Parliament site - The National Bureau of Investigation (NBI) has launched a probe into the  denial of service attack, which allegedly originated from Russia. | [yle.fi](https://yle.fi/a/3-12569719) |
-| 10 August | DarkTrace | Threat actor tactics in the Russo-Ukrainian conflict: analyst observations and predictions | [darktrace.com](https://darktrace.com/blog/threat-actor-tactics-in-the-russo-ukrainian-conflict-analyst-observations-and-predictions) |
-| 11 August | DEF CON - Kenneth Geers | Computer Hacks in the Russia-Ukraine War | [media.defcon.org](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Kenneth%20Geers%20-%20Computer%20Hacks%20in%20the%20Russia-Ukraine%20War%20-%20paper.pdf) |
-| 18 August | @cyberknow20 | Russian cyberarmy is targeting a Finnish satellite imagery company. The majority of attacks continue to be driven by geopolitical factors. | [twitter.com/cyberknow20](https://twitter.com/cyberknow20/status/1560253423856934912) |
-| 30 August | @cpartisans | Belarus Cyber Partisans group claim to have stolen passport copies for all of Belarus | [twitter.com/cpartisans](https://twitter.com/cpartisans/status/1564639766783692800) |
+| 7 September | Google TAG | Initial access broker repurposing techniques in targeted attacks against Ukraine (UAC-0098) | [blog.google/threat-analysis-group](https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/) |
+| 19 September | Record Future | Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine | [recordfuture.com](https://www.recordedfuture.com/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine) |
+| 23 September | Mandiant | GRU: Rise of the (Telegram) MinIOns | [mandiant.com](https://www.mandiant.com/resources/blog/gru-rise-telegram-minions) |
+| 26 September | Ukrainian Govt | Invaders Preparing Mass Cyberattacks on Facilities of Critical Infrastructure of Ukraine and Its Allies | [gur.gove.ua](https://gur.gov.ua/en/content/okupanty-hotuiut-masovani-kiberataky-na-ob-iekty-krytychnoi-infrastruktury-ukrainy-ta-ii-soiuznykiv.html) |