[Tech-l] FW: TLP:AMBER//UNCLASSIFIED//FOR OFFICIAL USE ONLY// Suspicious Activity - 07 March 2022 - Chinese APT Activity
Thor Sage
sage at mveca.org
Wed Mar 9 11:21:47 EST 2022
Sharing cyber related advisories. See below and attached. Please share with your user base as appropriate.
Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468 x3101
Not-for-profit Technology Services for Education and Local Governments
From: Ortiz, Matthew <mortiz at OhioSOS.Gov>
Sent: Wednesday, March 9, 2022 11:07 AM
Cc: Cyber Defense Team <cyberdefenseteam at OhioSOS.Gov>; Harmon, Nathan <NHarmon at OhioSOS.Gov>; Forsythe, Russ <rforsythe at OhioSOS.Gov>; Waite, James <JWaite at OhioSOS.Gov>; Marshall, Beverly <BMarshall at OhioSOS.Gov>
Subject: TLP:AMBER//UNCLASSIFIED//FOR OFFICIAL USE ONLY// Suspicious Activity - 07 March 2022 - Chinese APT Activity
Cybersecurity Notification - March 07, 2022
NOTICE: TLP:AMBER UNCLASSIFIED//FOR OFFICIAL USE ONLY
The Ohio SOS Cyber Defense Team (CDT) was made aware of Chinese APT activity that is targeting State Government Departments, Agencies, and Programs. Attached is the joint summary (AA22-066A) that was sent out by MS-ISAC and FBI to make everyone aware of the activity and what to look for. Please read over the summary to better understand the activity and any steps you should be taking to protect your environment. To assist, we have shared the IOCs with Ahead to add to AlienVault for alerting on.
Action Steps where possible:
* Read over advisory.
* Validate all software is updated.
* Secure public-facing web apps.
* Enforce the principle of least privilege.
* Turn on MFA.
Any questions, please contact your Cyber Liaison or CDT at cyberdefenseteam at OhioSOS.Gov.
Thank you.
Matthew Ortiz | Chief Information Security Officer
Office of the Ohio Secretary of State
O: 614.696.8894
OhioSoS.gov <https://ohiosos.gov/>
This message and any response to it may constitute a public record and thus may be publicly available to anyone who requests it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AA22-066A-Chinese_APT_Activity_in_State_Government_Departments_Agencies_and_Programs_TLP_AMBER.pdf
Type: application/pdf
Size: 545539 bytes
Desc: AA22-066A-Chinese_APT_Activity_in_State_Government_Departments_Agencies_and_Programs_TLP_AMBER.pdf
URL: <http://listserv.mveca.org/pipermail/tech-l/attachments/20220309/4397f8b8/attachment-0001.pdf>