Subject: [Security Alert] Beware of Fraudulent IT Support Calls
Dear employees,
We have received reports of social engineering attacks where attackers pose as IT support staff via phone to steal sensitive information.
What we need from you:
1. Be cautious of unsolicited calls or emails claiming to be from IT support.
2. Never share your password or grant remote access to your computer over the phone.
3. Report any suspicious contact to the IT security team immediately.
Deadline: Immediate
Subject: [Shared] Attacks by Silent Ransom Group on the Legal and Professional Services Sector
Hello, this is an information share regarding targeted attacks by the Silent Ransom Group (UNC3753/Luna Moth/Chatty Spider).
Subject: [Threat Intel] Silent Ransom Group Targeting Professional Services
Dear Security Team,
This is a notification regarding the activity of the Silent Ransom Group (also known as UNC3753, Luna Moth, and Chatty Spider).
■ Overview
The group is utilizing vishing (voice phishing) by impersonating IT support to target law firms and professional services. The attack chain is highly efficient, often resulting in data exfiltration within hours of the initial call.
■ Scope
- Law firms, financial services, and professional service organizations.
■ Recommended Actions
1. Conduct targeted awareness training for employees regarding vishing and social engineering.
2. Review and enforce MFA policies to prevent unauthorized access via stolen credentials.
3. Monitor for anomalous authentication patterns and unauthorized privilege escalation.
We are sharing information regarding the C0XMO botnet, a new Gafgyt variant targeting DD-WRT router firmware.
■ Overview
C0XMO exploits vulnerabilities in DD-WRT (including CVE-2021-2) to spread across various CPU architectures (ARM, MIPS, x86, etc.). It is designed for modular updates and is primarily used to launch large-scale DDoS attacks using 19 different methods.
■ Scope
- Routers running DD-WRT firmware
- Vulnerable DVRs, video management platforms, and Android-based devices
■ Mitigation Steps
1. Update DD-WRT firmware to the latest patched version immediately.
2. Restrict external access to router management interfaces (Web UI) and enforce VPN access if necessary.
3. Monitor network traffic for anomalies indicative of DDoS activity (e.g., UDP/TCP/SYN floods).
We are sharing information regarding a vulnerability in SolarWinds Serv-U.
■ Overview
An unauthenticated Denial-of-Service (DoS) vulnerability (CVE-2026-28318, CVSS 7.5) has been identified in SolarWinds Serv-U. This flaw has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.
■ Scope
- Affected Product: SolarWinds Serv-U
■ Mitigation Steps
1. Verify if SolarWinds Serv-U is deployed within the environment.
2. Apply the latest security updates provided by SolarWinds immediately.
■ Reference
- CISA KEV Catalog
- SolarWinds Official Advisory