<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-name:"Normal\,DocText";
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:105%;
font-size:12.0pt;
font-family:"Segoe UI",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-name:"List Paragraph\,BulletList";
mso-style-priority:1;
mso-style-link:"List Paragraph Char\,BulletList Char";
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
mso-add-space:auto;
line-height:105%;
font-size:12.0pt;
font-family:"Segoe UI",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-name:"List Paragraph\,BulletListCxSpFirst";
mso-style-priority:1;
mso-style-link:"List Paragraph Char\,BulletList Char";
mso-style-type:export-only;
margin:0in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:105%;
font-size:12.0pt;
font-family:"Segoe UI",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-name:"List Paragraph\,BulletListCxSpMiddle";
mso-style-priority:1;
mso-style-link:"List Paragraph Char\,BulletList Char";
mso-style-type:export-only;
margin:0in;
margin-bottom:.0001pt;
mso-add-space:auto;
line-height:105%;
font-size:12.0pt;
font-family:"Segoe UI",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-name:"List Paragraph\,BulletListCxSpLast";
mso-style-priority:1;
mso-style-link:"List Paragraph Char\,BulletList Char";
mso-style-type:export-only;
margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
mso-add-space:auto;
line-height:105%;
font-size:12.0pt;
font-family:"Segoe UI",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.ListParagraphChar
{mso-style-name:"List Paragraph Char\,BulletList Char";
mso-style-priority:1;
mso-style-link:"List Paragraph\,BulletList";
font-family:"Segoe UI",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.eop
{mso-style-name:eop;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:172034639;
mso-list-template-ids:1443805600;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1106733837;
mso-list-type:hybrid;
mso-list-template-ids:1000092668 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D">Sharing cyber related advisories. See below and attached. Please share with your user base as appropriate.<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thor Sage<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Executive Director<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Miami Valley Educational Computer Association<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">937-767-1468 x3101<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<a href="http://www.mveca.org/"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;text-decoration:none"><img border="0" width="174" height="64" style="width:1.8125in;height:.6666in" id="Picture_x0020_1" src="cid:image002.jpg@01D833A7.DB2CA200" alt="http://www.mveca.org/images/logo.gif"></span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
</span><a href="https://www.linkedin.com/company/mveca/"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="_x0000_i1027" src="cid:image003.jpg@01D833A7.DB2CA200" alt="i"></span></a><a href="https://twitter.com/mvecarcog"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="Picture_x0020_2" src="cid:image004.jpg@01D833A7.DB2CA200" alt="t"></span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></span></i></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Ortiz, Matthew <mortiz@OhioSOS.Gov>
<br>
<b>Sent:</b> Wednesday, March 9, 2022 11:07 AM<br>
<b>Cc:</b> Cyber Defense Team <cyberdefenseteam@OhioSOS.Gov>; Harmon, Nathan <NHarmon@OhioSOS.Gov>; Forsythe, Russ <rforsythe@OhioSOS.Gov>; Waite, James <JWaite@OhioSOS.Gov>; Marshall, Beverly <BMarshall@OhioSOS.Gov><br>
<b>Subject:</b> TLP:AMBER//UNCLASSIFIED//FOR OFFICIAL USE ONLY// Suspicious Activity - 07 March 2022 - Chinese APT Activity<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:solid black 3.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal;background:red">
<b><span style="font-family:"Arial",sans-serif;color:yellow">CAUTION:</span></b><span style="font-family:"Arial",sans-serif;color:white"> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the
sender and know the content is safe.<o:p></o:p></span></p>
</div>
<div>
<p class="paragraph" align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in;text-align:center;vertical-align:baseline">
<span class="normaltextrun"><b>Cybersecurity Notification – March 07, 2022</b></span><o:p></o:p></p>
<p class="paragraph" align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in;text-align:center;vertical-align:baseline">
<span class="normaltextrun"><b>NOTICE: <span style="color:#FFC000;background:black;mso-highlight:black">
TLP:AMBER</span><span style="color:#FFC000"> </span>UNCLASSIFIED//FOR OFFICIAL USE ONLY</b></span><span class="eop"> </span><o:p></o:p></p>
<p class="paragraph" align="center" style="margin:0in;margin-bottom:.0001pt;text-align:center;vertical-align:baseline">
<o:p> </o:p></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;text-align:justify;vertical-align:baseline">
<span class="normaltextrun">The Ohio SOS Cyber Defense Team (CDT) was made aware of Chinese APT activity that is targeting State Government Departments, Agencies, and Programs. Attached is the joint summary (AA22-066A), that was sent out by MS-ISAC and FBI,
to make everyone aware of the activity and what to look for. Please read over the summary to better understand the activity and any steps you should be taking to protect your environment. To assist, we have shared the IOCs with Ahead to add to Alien Vault
for alerting on.<o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;text-align:justify;vertical-align:baseline">
<span class="normaltextrun"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-family:"Times New Roman",serif">Action Steps where possible:</span></b><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Read over advisory.<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Validate all software is updated.<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Secure Public-facing web apps.<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Enforce the principle of least privilege.<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpLast" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Turn on MFA.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun">Any questions, please contact your Cyber Liaison or CDT at
<a href="mailto:cyberdefenseteam@OhioSOS.Gov">cyberdefenseteam@OhioSOS.Gov</a>.</span><span class="eop"> </span><span class="normaltextrun"><b><span style="font-size:8.0pt;color:#FFC000;background:black;mso-highlight:black"><o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun">Thank you.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal"><span style="font-size:13.5pt;line-height:105%;font-family:"Times New Roman",serif;color:black"><img border="0" width="110" height="108" style="width:1.1458in;height:1.125in" id="x_Picture_x0020_1" src="cid:image001.png@01D833A3.937D5520" alt="logo for the Office of Frank LaRose Ohio Secretary of State"></span><o:p></o:p></p>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="margin-bottom:7.5pt"><b><span style="color:#004677">Matthew Ortiz</span></b><span style="color:#004677"> | <b>Chief Information Security Officer</b></span><span style="color:black"><br>
</span><span style="color:#971B2F">Office of the Ohio Secretary of State</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;line-height:105%;color:black">O:</span></b><span style="font-size:10.0pt;line-height:105%;color:black"> 614.696.8894<br>
<a href="https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fohiosos.gov%2F&data=04%7C01%7Cdbowman%40OhioSOS.Gov%7Ccad5de2655b145bc04eb08d9b444c1fa%7C6a62fcd22ec844ebaac58892a8d5a826%7C0%7C0%7C637739029673369702%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UZHEeKEiqERs%2B0a9ScflZZenAwzfNVd7uo7%2F7%2FCmmmo%3D&reserved=0">OhioSoS.gov</a></span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-size:10.0pt;line-height:105%;color:black">This message and any response to it may constitute a public record and thus may be publicly available to anyone who requests it.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>