<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Segoe UI";
        panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-name:"Normal\,DocText";
        margin-top:0in;
        margin-right:0in;
        margin-bottom:8.0pt;
        margin-left:0in;
        line-height:105%;
        font-size:12.0pt;
        font-family:"Segoe UI",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-name:"List Paragraph\,BulletList";
        mso-style-priority:1;
        mso-style-link:"List Paragraph Char\,BulletList Char";
        margin-top:0in;
        margin-right:0in;
        margin-bottom:8.0pt;
        margin-left:0in;
        mso-add-space:auto;
        line-height:105%;
        font-size:12.0pt;
        font-family:"Segoe UI",sans-serif;
        mso-ligatures:standardcontextual;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
        {mso-style-name:"List Paragraph\,BulletListCxSpFirst";
        mso-style-priority:1;
        mso-style-link:"List Paragraph Char\,BulletList Char";
        mso-style-type:export-only;
        margin:0in;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:12.0pt;
        font-family:"Segoe UI",sans-serif;
        mso-ligatures:standardcontextual;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
        {mso-style-name:"List Paragraph\,BulletListCxSpMiddle";
        mso-style-priority:1;
        mso-style-link:"List Paragraph Char\,BulletList Char";
        mso-style-type:export-only;
        margin:0in;
        margin-bottom:.0001pt;
        mso-add-space:auto;
        line-height:105%;
        font-size:12.0pt;
        font-family:"Segoe UI",sans-serif;
        mso-ligatures:standardcontextual;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
        {mso-style-name:"List Paragraph\,BulletListCxSpLast";
        mso-style-priority:1;
        mso-style-link:"List Paragraph Char\,BulletList Char";
        mso-style-type:export-only;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:8.0pt;
        margin-left:0in;
        mso-add-space:auto;
        line-height:105%;
        font-size:12.0pt;
        font-family:"Segoe UI",sans-serif;
        mso-ligatures:standardcontextual;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.ListParagraphChar
        {mso-style-name:"List Paragraph Char\,BulletList Char";
        mso-style-priority:1;
        mso-style-link:"List Paragraph\,BulletList";
        font-family:"Segoe UI",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
        {mso-style-name:paragraph;
        mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman",serif;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.normaltextrun
        {mso-style-name:normaltextrun;}
span.eop
        {mso-style-name:eop;}
span.tlp-amber
        {mso-style-name:tlp-amber;}
span.EmailStyle26
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:570850550;
        mso-list-template-ids:1446425650;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l1
        {mso-list-id:1106733837;
        mso-list-type:hybrid;
        mso-list-template-ids:1000092668 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l1:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l1:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l1:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l1:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l1:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l1:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2
        {mso-list-id:1248075459;
        mso-list-type:hybrid;
        mso-list-template-ids:290491828 -1378836568 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;
        color:black;
        mso-style-textfill-fill-color:black;
        mso-style-textfill-fill-alpha:100.0%;}
@list l2:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l2:level5
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l2:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Symbol;}
@list l2:level8
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:"Courier New";}
@list l2:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0A7;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;
        font-family:Wingdings;}
@list l3
        {mso-list-id:1574513499;
        mso-list-template-ids:184332648;}
@list l3:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level2
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level3
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level4
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level5
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level6
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level7
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level8
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l3:level9
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D">Sharing below and attached advisory.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thor Sage<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Executive Director<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Miami Valley Educational Computer Association<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">937-767-1468  x3101<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<a href="http://www.mveca.org/"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;text-decoration:none"><img border="0" width="174" height="64" style="width:1.8125in;height:.6666in" id="Picture_x0020_1" src="cid:image001.jpg@01D9F2DB.F2ADDB20" alt="http://www.mveca.org/images/logo.gif"></span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">      
</span><a href="https://www.linkedin.com/company/mveca/"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;text-decoration:none"><img border="0" width="32" height="32" style="width:.3333in;height:.3333in" id="Picture_x0020_2" src="cid:image002.jpg@01D9F2DB.F2ADDB20" alt="i"></span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Not-for-profit Technology Services for Education and Local Governments<o:p></o:p></span></i></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Burner, Jillian <jburner@OhioSOS.Gov>
<br>
<b>Sent:</b> Friday, September 29, 2023 12:03 PM<br>
<b>Subject:</b> TLP: AMBER - Cybersecurity Advisory - Chinese APT Activity Summary<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="paragraph" align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in;text-align:center;vertical-align:baseline">
<span class="normaltextrun"><b>Cybersecurity Advisory – September 29, 2023</b></span><o:p></o:p></p>
<p class="paragraph" align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:0in;text-align:center;vertical-align:baseline">
<span class="normaltextrun"><b>NOTICE: <span style="color:#FFC000;background:black;mso-highlight:black">
TLP:AMBER</span><span style="color:#FFC000"> </span>UNCLASSIFIED//FOR OFFICIAL USE ONLY</b></span><o:p></o:p></p>
<p class="paragraph" align="center" style="margin:0in;margin-bottom:.0001pt;text-align:center;vertical-align:baseline">
<o:p> </o:p></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun">An international joint advisory was recently published (attached) that highlights activity associated with a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. This activity uses “living off the land”
 techniques (<i>a cyberattack where the attacker uses native, legitimate tools in the victim’s system to sustain and advance an attack</i>) that evade detection by using tools and software built into Windows, so the malicious activity blends in with normal system and administrative activity.<o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
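<span class="normaltextrun">To detect the activity described in the attached advisory, the audit policy for Windows security logs must include “<i>audit process creation</i>” and “<i>include command line in process creation events</i>.” With both settings enabled, each new process is recorded in the Security log as event ID 4688 together with its full command line. Otherwise, default logging
 configurations may not provide the necessary information to identify malicious activity. Because command lines can contain passwords and other sensitive arguments, access to these logs should be restricted.<o:p></o:p></span></p>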
<p class="paragraph" style="vertical-align:baseline"><span class="normaltextrun">A robust logging framework greatly impedes a threat actor’s ability to cover their tracks. To ensure log integrity and availability, log files should be forwarded to a hardened
 centralized logging server, preferably on a segmented network. <o:p></o:p></span></p>
<p class="paragraph" style="vertical-align:baseline">CISA recommends that agencies prioritize logging for high-value asset (HVA) systems, high-impact systems, and the enterprise IT network (specifically identity providers such as Azure Active Directory or Active
 Directory). Additionally, agencies should prioritize internet-accessible systems (e.g., web applications) and systems that interact with the internet regularly (e.g., devices from which users access email or browse the internet, and the DMZ network).<span class="normaltextrun"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-family:"Times New Roman",serif">Action Steps:</span></b><span style="font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Read the attached advisory<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Validate that logging is enabled as described under “Logging Recommendations” in the attached advisory<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Forward log files to a hardened, centralized logging server, preferably on a segmented network<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpMiddle" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Enforce the principle of least privilege<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpLast" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><span style="font-family:"Times New Roman",serif">Turn on multi-factor authentication (MFA)<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif">References:<o:p></o:p></span></p>
<p class="MsoListParagraphCxSpFirst" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l2 level1 lfo6">
<![if !supportLists]><span class="MsoHyperlink"><span style="font-family:Symbol;color:black;text-decoration:none"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span></span><![endif]><a href="https://www.cisa.gov/sites/default/files/2023-02/TLP%20CLEAR%20-%20Guidance%20for%20Implementing%20M-21-31_Improving%20the%20Federal%20Governments%20Investigative%20and%20Remediation%20Capabilities_.pdf"><span style="font-family:"Times New Roman",serif">https://www.cisa.gov/sites/default/files/2023-02/TLP%20CLEAR%20-%20Guidance%20for%20Implementing%20M-21-31_Improving%20the%20Federal%20Governments%20Investigative%20and%20Remediation%20Capabilities_.pdf</span></a><span class="MsoHyperlink"><o:p></o:p></span></p>
<p class="MsoListParagraphCxSpLast" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;mso-add-space:auto;text-indent:-.25in;line-height:normal;mso-list:l2 level1 lfo6">
<![if !supportLists]><span style="font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">        
</span></span></span><![endif]><a href="https://www.crowdstrike.com/cybersecurity-101/living-off-the-land-attacks-lotl/"><span style="font-family:"Times New Roman",serif">https://www.crowdstrike.com/cybersecurity-101/living-off-the-land-attacks-lotl/</span></a><span style="font-family:"Times New Roman",serif">
</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:0in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun">Questions? Please contact your Cyber Liaison or CDT at
</span><a href="mailto:cyberdefenseteam@OhioSOS.Gov">cyberdefenseteam@OhioSOS.Gov</a><span class="normaltextrun">.</span><span class="normaltextrun"><b><span style="font-size:8.0pt;color:#FFC000;background:black;mso-highlight:black"><o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;line-height:normal">
<span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun">Thank you.<o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;margin-bottom:.0001pt;vertical-align:baseline">
<span class="normaltextrun"><o:p> </o:p></span></p>
<p class="paragraph" align="center" style="margin:0in;margin-bottom:.0001pt;text-align:center;vertical-align:baseline">
<span class="normaltextrun"><b><span style="font-size:8.0pt;color:#FFC000;background:black;mso-highlight:black">TLP:AMBER</span></b></span><span class="normaltextrun"><b><span style="font-size:8.0pt;color:#FFC000"><o:p></o:p></span></b></span></p>
<p class="MsoNormal" align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:.25in;text-align:center">
<span class="tlp-amber"><b><span style="font-size:8.0pt;line-height:105%;font-family:"Times New Roman",serif;color:#FFC000;border:none windowtext 1.0pt;padding:0in;background:black">UNCLASSIFIED//FOR OFFICIAL USE ONLY</span></b></span><span style="font-size:9.0pt;line-height:105%;font-family:"Times New Roman",serif"><o:p></o:p></span></p>
<p align="center" style="mso-margin-top-alt:6.0pt;margin-right:0in;margin-bottom:6.0pt;margin-left:.25in;text-align:center;background:white">
<b><i><span style="font-size:8.0pt;color:#FFC000;background:white">NOTICE: The following document is not subject to disclosure as a public record pursuant to R.C. §149.433.  DO NOT DISCLOSE</span></i></b><span class="eop"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;line-height:105%;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</body>
</html>