Cyber Threats 2021: A Year in Retrospect
Common Information
| Type | Value |
|---|---|
| UUID | 140b6370-2402-4061-be42-09c78190a54c |
| Fingerprint | 468dc041f68621b927ed3261a60ed46571d229e2786194e38e84f90ff8919821 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 27, 2022, 7:27 p.m. |
| Added to db | March 10, 2024, 6:24 a.m. |
| Last updated | Aug. 31, 2024, 1:44 a.m. |
| Headline | Cyber Threats 2021: A Year in Retrospect |
| Title | Cyber Threats 2021: A Year in Retrospect |
| Detected Hints/Tags/Attributes | 671/4/248 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 80 | cve-2021-26084 |
|
| Details | CVE | 13 | cve-2017-0261 |
|
| Details | CVE | 45 | cve-2021-1732 |
|
| Details | CVE | 14 | cve-2021-28310 |
|
| Details | Domain | 7 | pwc.com |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 4 | scribd.com |
|
| Details | Domain | 1 | casheuro.com |
|
| Details | Domain | 1 | murders-dkr.ru |
|
| Details | Domain | 99 | therecord.media |
|
| Details | Domain | 36 | googleprojectzero.blogspot.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 67 | citizenlab.ca |
|
| Details | Domain | 55 | blog.google |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 84 | www.forbes.com |
|
| Details | Domain | 46 | jsac.jpcert.or.jp |
|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 11 | www.amnesty.org |
|
| Details | Domain | 17 | vblocalhost.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 111 | www.justice.gov |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 44 | www.bloomberg.com |
|
| Details | Domain | 2 | www.ncsc.gov.ie |
|
| Details | Domain | 41 | www.bbc.co.uk |
|
| Details | Domain | 5 | helpdesk.kaseya.com |
|
| Details | Domain | 49 | home.treasury.gov |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 128 | www.bitdefender.com |
|
| Details | Domain | 124 | www.nytimes.com |
|
| Details | Domain | 21 | www.state.gov |
|
| Details | Domain | 10 | tass.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 6 | www.globenewswire.com |
|
| Details | Domain | 35 | www.europol.europa.eu |
|
| Details | Domain | 47 | intel471.com |
|
| Details | Domain | 2 | www.securitycouncilreport.org |
|
| Details | Domain | 3 | vb2020.vblocalhost.com |
|
| Details | Domain | 7 | labs.f-secure.com |
|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 261 | blog.talosintelligence.com |
|
| Details | Domain | 9 | www.thedailybeast.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 3 | www.spglobal.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 154 | us-cert.cisa.gov |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 37 | www.blackberry.com |
|
| Details | Domain | 1 | s7d2.scene7.com |
|
| Details | Domain | 27 | www.uptycs.com |
|
| Details | Domain | 4 | blogs.quickheal.com |
|
| Details | Domain | 58 | ti.qianxin.com |
|
| Details | Domain | 7 | ti.dbappsecurity.com.cn |
|
| Details | Domain | 5 | team-cymru.com |
|
| Details | Domain | 17 | www.anomali.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 38 | blog.netlab.360.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 27 | about.fb.com |
|
| Details | Domain | 6 | treasury.gov |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 98 | www.ncsc.gov.uk |
|
| Details | Domain | 83 | www.theguardian.com |
|
| Details | Domain | 1 | mup.vladars.net |
|
| Details | Domain | 8 | www.rnbo.gov.ua |
|
| Details | Domain | 1 | www.rnbo.gov |
|
| Details | Domain | 14 | ssu.gov.ua |
|
| Details | Domain | 105 | web.archive.org |
|
| Details | Domain | 13 | quointelligence.eu |
|
| Details | Domain | 59 | www.cybereason.com |
|
| Details | Domain | 21 | blog.group-ib.com |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 7 | www.acronis.com |
|
| Details | Domain | 45 | www.bankinfosecurity.com |
|
| Details | Domain | 78 | securityaffairs.co |
|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 2 | www.teiss.co.uk |
|
| Details | Domain | 2 | www.itworldcanada.com |
|
| Details | Domain | 1 | www.retaildive.com |
|
| Details | Domain | 81 | blog.malwarebytes.com |
|
| Details | Domain | 20 | www.pwc.com |
|
| Details | 1 | threatintelligence@pwc.com |
||
| Details | File | 44 | payload.bin |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 58 | password.txt |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 3 | hollow64.txt |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 2 | times.exe |
|
| Details | File | 1 | dgbase.dll |
|
| Details | File | 1 | judianservice.dll |
|
| Details | File | 1 | cbappendix.exe |
|
| Details | File | 3 | a-deep-dive-into-nso-zero-click.html |
|
| Details | File | 4 | jsac2021_301_shui-leon_en.pdf |
|
| Details | File | 3 | windealer.html |
|
| Details | File | 1 | haeghebaert.pdf |
|
| Details | File | 1 | hse-publishes-independent-report-on-conti-cyber-attack.html |
|
| Details | File | 1 | hse_conti_140521_update.pdf |
|
| Details | File | 2 | darkside-pipeline-hack.html |
|
| Details | File | 1 | accellion-provides-update-to-fta-security-incident-following-mandiant-s-preliminary-findings.html |
|
| Details | File | 2 | s_2019_691.pdf |
|
| Details | File | 5 | vb2020.vb |
|
| Details | File | 2 | vb2020-takai-etal.pdf |
|
| Details | File | 1 | lazarus-clearsky.pdf |
|
| Details | File | 3 | kimsuky-abuses-blogs-delivers-malware.html |
|
| Details | File | 1 | and_ketrican.pdf |
|
| Details | File | 2 | whitecompanyoperationshaheenreport.pdf |
|
| Details | File | 7 | ti.db |
|
| Details | File | 1 | deploysandroid-malware-for-the-first-time.html |
|
| Details | File | 1 | technical-threat-report-arid-viper-april-2021.pdf |
|
| Details | File | 1 | 4824.html |
|
| Details | File | 3 | operation_armageddon_final.pdf |
|
| Details | File | 1 | conti-ransomware-graff-jeweller.html |
|
| Details | IBM X-Force - Threat Group Enumeration | 34 | ITG18 |
|
| Details | Mandiant Uncategorized Groups | 27 | UNC757 |
|
| Details | Mandiant Uncategorized Groups | 1 | UNC2428 |
|
| Details | Mandiant Uncategorized Groups | 18 | UNC788 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 2 | DEV-0500 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 2 | DEV-0146 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 19 | DEV-0270 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 4 | DEV-0343 |
|
| Details | Threat Actor Identifier - APT-C | 79 | APT-C-23 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier - APT | 85 | APT15 |
|
| Details | Threat Actor Identifier - APT | 7 | APT25 |
|
| Details | Threat Actor Identifier - APT | 166 | APT31 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Threat Actor Identifier - APT | 9 | APT9 |
|
| Details | Threat Actor Identifier - APT | 121 | APT36 |
|
| Details | Threat Actor Identifier - APT | 132 | APT32 |
|
| Details | Threat Actor Identifier - APT | 181 | APT33 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Threat Actor Identifier - APT | 297 | APT27 |
|
| Details | Url | 2 | https://www.technologyreview |
|
| Details | Url | 1 | https://therecord.media/new-german-government-coalition-promises-not-to-buy- |
|
| Details | Url | 1 | https://googleprojectzero.blogspot.com |
|
| Details | Url | 8 | https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers |
|
| Details | Url | 2 | https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-0-day-vulnerabilities |
|
| Details | Url | 1 | https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware- |
|
| Details | Url | 5 | https://www.microsoft.com/security |
|
| Details | Url | 2 | https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks |
|
| Details | Url | 2 | https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild |
|
| Details | Url | 1 | https://googleprojectzero.blogspot |
|
| Details | Url | 1 | https://securelist.com/finspy-unseen-findings/104322 |
|
| Details | Url | 7 | https://www.forbes.com/sites |
|
| Details | Url | 1 | https://citizenlab.ca/2018/01/spying-on-a-budget-inside-a-phishing-operation-with-targets-in-the-tibetan-community |
|
| Details | Url | 3 | https://jsac.jpcert.or.jp/archive/2021/pdf/jsac2021_301_shui-leon_en.pdf |
|
| Details | Url | 2 | https://securelist.com/apt-trends-report-q2-2017/79332 |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2021/10/windealer.html#1 |
|
| Details | Url | 1 | https://www.amnesty |
|
| Details | Url | 1 | https://vblocalhost.com/uploads/vb2021- |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/economy_of_the_united_states_by_sector |
|
| Details | Url | 1 | https://www.hse.ie/eng/services/news/media/pressrel/hse-publishes-independent-report-on-conti-cyber-attack.html |
|
| Details | Url | 1 | https://www.justice.gov/opa/pr/department-justice- |
|
| Details | Url | 7 | https://www.bleepingcomputer.com/news/security |
|
| Details | Url | 6 | https://www.bloomberg.com/news |
|
| Details | Url | 1 | https://www.ncsc.gov.ie/pdfs/hse_conti_140521_update.pdf |
|
| Details | Url | 1 | https://www.bbc.co.uk/news/world-us-canada-57318965 |
|
| Details | Url | 1 | https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-important-notice-august-4th-2021 |
|
| Details | Url | 1 | https://home.treasury.gov/news/press-releases/jy0364 |
|
| Details | Url | 2 | https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged- |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/revil-threat- |
|
| Details | Url | 1 | https://www.bitdefender.com/blog/labs/darkside-ransomware-decryption-tool |
|
| Details | Url | 2 | https://www.nytimes.com/2021/05/14/business/darkside-pipeline-hack.html |
|
| Details | Url | 1 | https://www.state.gov/reward-offers-for- |
|
| Details | Url | 1 | https://tass.com/russia/1388649 |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/ncas/alerts/aa21-055a |
|
| Details | Url | 2 | https://www.globenewswire.com/news- |
|
| Details | Url | 1 | https://www.europol.europa.eu/media-press/newsroom/news |
|
| Details | Url | 1 | https://intel471.com/blog/emotet-returns-december-2021 |
|
| Details | Url | 1 | https://www.securitycouncilreport.org/atf |
|
| Details | Url | 1 | https://vb2020.vblocalhost.com/uploads/vb2020-takai-etal.pdf |
|
| Details | Url | 1 | https://labs.f-secure.com/assets/blogfiles/f-securelabs-tlp-white-lazarus-threat-intel-report2. |
|
| Details | Url | 1 | https://www.clearskysec.com/wp-content/uploads/2021/05/cryptocore- |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=bozecjabjsk |
|
| Details | Url | 3 | https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html |
|
| Details | Url | 5 | https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers |
|
| Details | Url | 1 | https://www.thedailybeast.com/north-korean-hackers-caught- |
|
| Details | Url | 1 | https://twitter.com/esetresearch/status/1458438155149922312?s=20 |
|
| Details | Url | 1 | https://www.spglobal.com/marketintelligence/en/newsinsights/latest-news- |
|
| Details | Url | 5 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence |
|
| Details | Url | 1 | https://vblocalhost.com |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting- |
|
| Details | Url | 1 | https://us-cert.cisa.gov/ncas/alerts/aa20-258a |
|
| Details | Url | 1 | https://www.welivesecurity.com/wp-content/uploads/2019/07/eset_okrum_ |
|
| Details | Url | 1 | https://www.verfassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/pb-cyberabwehr/broschuere-2021-01-bfv-cyber-brief-2021-01 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/apt41-initiates-globalintrusion- |
|
| Details | Url | 2 | https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer |
|
| Details | Url | 2 | https://www.mandiant.com/resources/apt-groups |
|
| Details | Url | 2 | https://www.blackberry.com/us/en/forms/enterprise/bahamut-report |
|
| Details | Url | 1 | https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us |
|
| Details | Url | 1 | https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat |
|
| Details | Url | 1 | https://blogs.quickheal.com |
|
| Details | Url | 1 | https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysisreport. |
|
| Details | Url | 1 | https://ti.qianxin.com/blog/articles/%22operationmagichm%22 |
|
| Details | Url | 1 | https://ti.dbappsecurity.com.cn/blog/articles/2021/02/10 |
|
| Details | Url | 1 | https://securelist.com/apt-trends-report-q2-2021/103517 |
|
| Details | Url | 1 | https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping |
|
| Details | Url | 1 | https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2 |
|
| Details | Url | 2 | https://www.anomali.com/blog |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/wnkc0jbja5_isjpfszfoya |
|
| Details | Url | 2 | https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/new-version-of- |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/11/16/evolving- |
|
| Details | Url | 2 | https://www.proofpoint.com/us/blog/threat-insight |
|
| Details | Url | 1 | https://about.fb.com/news/2021/07/taking-action-against-hackers-in-iran |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/11/16 |
|
| Details | Url | 1 | https://www.clearskysec.com/siamesekitten |
|
| Details | Url | 1 | https://us-cert.cisa.gov/ncas/alerts/aa20-304a |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/21/g/strongpity-apt-group- |
|
| Details | Url | 1 | https://about.fb.com/wp-content/uploads/2021/04/technical-threat-report-arid-viper-april-2021.pdf |
|
| Details | Url | 1 | https://securelist.com/wirtes-campaign-in-the-middle-east-living-off- |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/noblebaron-new-poisoned- |
|
| Details | Url | 1 | https://www.theguardian.com/world/2021/nov/02/bosnia-is-in-danger-of- |
|
| Details | Url | 1 | https://mup.vladars.net/lat/index. |
|
| Details | Url | 3 | https://securelist.com/recent-cloud-atlas-activity/92016 |
|
| Details | Url | 1 | https://www.rnbo.gov.ua/en/diialnist/4823. |
|
| Details | Url | 1 | https://www.rnbo.gov |
|
| Details | Url | 1 | https://ssu.gov.ua/en/novyny/sbu-vyiavyla-khakera-yakyi-poliuvav- |
|
| Details | Url | 1 | https://ssu.gov.ua/en/novyny/sbu- |
|
| Details | Url | 1 | https://therecord.media/ukraine-discloses-identity- |
|
| Details | Url | 7 | https://web.archive.org |
|
| Details | Url | 1 | https://www.lookingglasscyber.com/wp-content/uploads/2015/08/operation_armageddon_final.pdf |
|
| Details | Url | 1 | https://quointelligence.eu/2021/01/reconhellcat-uses-nist-theme- |
|
| Details | Url | 1 | https://www.cybereason.com/blog/operation-ghostshell-novel- |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343- |
|
| Details | Url | 2 | https://symantec-enterprise-blogs.security.com/blogs |
|
| Details | Url | 1 | https://home.treasury.gov/news/press-releases/sm1127 |
|
| Details | Url | 2 | https://blog.group-ib.com/colunmtk_apt41 |
|
| Details | Url | 1 | https://www.zdnet.com/article/acer-confirms-second-cyberattack-in-2021 |
|
| Details | Url | 1 | https://www.acronis.com/en-us/cyber-protection-center/posts/conti-ransomware-rakes- |
|
| Details | Url | 1 | https://www.bankinfosecurity.com/retailer-fat-face-pays-2-million-ransom-to- |
|
| Details | Url | 1 | https://securityaffairs.co |
|
| Details | Url | 1 | https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/coop- |
|
| Details | Url | 1 | https://www.teiss.co.uk/spar-supermarket-cyber-incident |
|
| Details | Url | 1 | https://www.ncsc.gov.uk/news/spar-stores-incident |
|
| Details | Url | 1 | https://www.itworldcanada.com/article/canadian-retailer-home-hardware-hit- |
|
| Details | Url | 1 | https://www.retaildive.com/news/office-depot-parent-expects-over-20m-loss- |
|
| Details | Url | 1 | https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles- |