Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found.

TODAY’S NEWS:

THREATS:
• Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
• FinSpy surveillance malware is now spreading through UEFI bootkits
• Critical Flaw May Affect Millions of Hikvision Devices
• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

WARNING: This document is the exclusive property of the California Cybersecurity Integration Center and abides by Traffic Light Protocol standards for distribution purposes. It may contain information exempt from public release under the California Public Records Act. Recipients must control, store, handle, transmit, distribute and dispose of this product in accordance with the TLP standard relating to shared intelligence. Do not release to the public, media, or other personnel who do not have a valid need-to-know without prior approval of an authorized CAL-CSIC official.
MORNING REPORT CALIFORNIA CYBERSECURITY INTEGRATION CENTER

OTHER STORIES:
• US Commerce Officials Seek Comment on IaaS Executive Order
• Bandwidth.com is latest victim of DDoS attacks against VoIP providers
• FCC details $1.9 billion program to rip out Huawei and ZTE gear in the US
• New BloodyStealer Trojan Steals Gamers’ Epic Games and Steam Accounts
• Scalper bots are now targeting graphics card vendors
• Cryptocurrency expert pleads guilty to helping North Korean government use blockchain to evade sanctions
• TikTok found to be most impersonated app by malware groups

MICROSOFT IN THE NEWS:
• Microsoft 365 MFA outage locks users out of their accounts
• New Windows 11 install script bypasses TPM, system requirements
• New Microsoft Exchange service mitigates high-risk bugs automatically

ATTACHMENTS:
• No Attachments

MONTHLY THREAT BRIEF
30 SEPTEMBER 2021 @1:30PM PST
NOT REGISTERED? REGISTER HERE

Warning: Do not distribute outside the California Cybersecurity Integration Center without permission of the Cal-CSIC Commander/Deputy Commander. Cal-CSIC makes no representation or guarantee regarding the accuracy and/or currency of the information as reported by the referenced sources.
Cal-CSIC does not claim or assert any rights in the referenced source material. This email contains raw and unfettered media reports. It is meant for internal use only. Join us for the Internet of Things Cybersecurity Threat Brief
