Cyber Threats Targeting Asia, Winter 2019
ATT&CK techniques detected
T1046Network Service Discovery
94%
“##5 attacks. these ip addresses were primarily hosted in russia. the attacks coming from rm engineering targeted rfb port 5900 with credential stuffing attacks and were received by systems all over the world. rm engineering is new to our top threat actor network tracking as of ju…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1046Network Service Discovery
93%
“of the top 50 can be attributed to the malicious smb port 445 activity. attack types of top attacking ip addresses many of the ip addresses attacking asian systems during the winter of 2019 were involved in abusive port scanning activity. as noted in the top attacked ports sectio…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1046Network Service Discovery
70%
“be more difficult for enterprises to filter out as it requires behavioral detection versus geographical ip address blocking, assuming that businesses want to remain accessible to customers within their region. singapore, the top source traffic country in asia was only seen target…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Asian systems saw a large amount of SMB attack traffic during this time period, mainly driven from in-region IP addresses.