T1195.001 Compromise Software Dependencies and Development Tools
99%
"’t serving up malware downloads it was pointing visitors to a rick roll video on youtube. “it’s a little all over the place, and there’s a chance this whole iran thing is just their way of getting attention,” eriksen said. “i feel like these people are really playing this…"
T1195.001 Compromise Software Dependencies and Development Tools
98%
"business reporter catalin cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell github stars and “likes” to keep malicious packages at the top of the github search page. this weekend’s outbreak is the second…"
T1195.001 Compromise Software Dependencies and Development Tools
94%
"to visitors, and their distributed architecture makes them resistant to takedown attempts. these canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online. eriksen said the people behind teampcp are bragging about their e…"
T1485 Data Destruction
89%
"and cryptocurrency wallets from users. over the weekend, the same technical infrastructure teampcp used in the trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to iran, said…"
T1195.001 Compromise Software Dependencies and Development Tools
76%
"vulnerability scanner from checkmarx, and that the scanner’s github action was compromised between 12:58 and 16:50 utc today (march 23rd)."
T1485 Data Destruction
66%
"‘canisterworm’ springs wiper attack targeting iran a financially motivated data theft and extortion group is attempting to inject itself into the iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use iran’s…"
T1195.002 Compromise Software Supply Chain
62%
"business reporter catalin cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell github stars and “likes” to keep malicious packages at the top of the github search page. this weekend’s outbreak is the second…"
T1195.002 Compromise Software Supply Chain
60%
"vulnerability scanner from checkmarx, and that the scanner’s github action was compromised between 12:58 and 16:50 utc today (march 23rd)."
T1195.001 Compromise Software Dependencies and Development Tools
53%
", the security firm flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with azure (61%) and aws (36%) accounting for 97% of compromised servers. “teampcp’s streng…"
T1195 Supply Chain Compromise
45%
"vulnerability scanner from checkmarx, and that the scanner’s github action was compromised between 12:58 and 16:50 utc today (march 23rd)."
T1610 Deploy Container
44%
"and cryptocurrency wallets from users. over the weekend, the same technical infrastructure teampcp used in the trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to iran, said…"
T1610 Deploy Container
34%
", the security firm flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with azure (61%) and aws (36%) accounting for 97% of compromised servers. “teampcp’s streng…"
T1195.002 Compromise Software Supply Chain
31%
"’t serving up malware downloads it was pointing visitors to a rick roll video on youtube. “it’s a little all over the place, and there’s a chance this whole iran thing is just their way of getting attention,” eriksen said. “i feel like these people are really playing this…"
Summary
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.