<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)"><span style="margin:0px;background-color:rgb(255, 255, 255)"><span style="margin:0px;font-size:14.67px">Hello,</span></span></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:12pt;background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:rgb(255, 255, 255)">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30);background-color:white">
<div style="margin:0px;font-size:12pt;color:black"><span style="margin:0px;background-color:white"></span>
<div style="margin:0px;background-color:white">
<div style="margin:0px;font-size:14.67px;background-color:white">I hope everyone is doing well!</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">Below is the entry for today.</div>
<div style="margin:0px;font-size:14.67px;background-color:white"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white">07/08/2021 - Diary entry #301:<br>
<br>
</div>
<blockquote style="font-size:14.67px;background-color:white;margin-top:0px;margin-bottom:0px">
In our Daily Diaries #297 and #298, we covered the REvil (a.k.a. Sodinokibi) attack on Kaseya systems. This attack got the group a lot of attention. They infected many computers through a supply-chain attack on Kaseya VSA, making the infected systems deploy their ransomware to all the connected clients. Now, it seems that another cybercrime gang is trying to piggyback on REvil's "success".
<div><br>
</div>
<div>This week a new e-mail spam campaign showed up, using the Kaseya attack as a lure. The e-mail addresses Kaseya clients, asking them to install an update on their systems to protect them against ransomware by fixing a vulnerability in the product. The e-mail contains a download link that directs users to a disguised Cobalt Strike beacon.</div>
<div><br>
</div>
The Cobalt Strike beacon is a post-exploitation tool that connects to a C2 server to allow full control of the machine. We have already covered Cobalt Strike in several of our Daily Diaries, including in the SolarWinds attack, where the attackers deployed the beacon to steal data from the infected machines. Many infamous APT groups have used this tool heavily, including Dridex and even REvil itself. It's not yet clear which cybercrime gang is behind this campaign.
<div style="margin:0px"><br>
</div>
</blockquote>
<span style="margin:0px;font-size:14.67px;background-color:white">Kind Regards,</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-family:'Times New Roman'; font-size:medium; text-align:start">
<tbody>
<tr>
<td width="180" align="left" style="width:180px">
<p> </p>
</td>
<td width="350" colspan="2" rowspan="2" style="width:350px">
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
<strong>Felipe Duarte Domingues</strong><br>
Security Researcher<br>
<strong>Appgate</strong></p>
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>
O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>