List of “Incident”

  • Chase up Datper’s Communication Logs with Splunk/Elastic Stack Incident
    Chase up Datper’s Communication Logs with Splunk/Elastic Stack
    The last article introduced some features of Datper malware and a Python script for detecting its distinctive communication. Based on that, we are presenting how to search proxy logs for Datper’s communication using log management tools – Splunk and Elastic Stack (Elasticsearch, Logstash and Kibana). For Splunk To extract Datper’s communication log using Splunk, the first thing you need to do is to create a custom search command as follows....

    Read more

  • 2016 in Review: Top Cyber Security Trends in Japan Incident
    2016 in Review: Top Cyber Security Trends in Japan
    Hi, this is Misaki Kimura from Watch and Warning Group. Another new year has come and gone, and as I look back over about the significant security trends that took place in 2016, it is needless to mention that security threat landscape is ever evolving and increasingly complex. As a basis for what we can prepare for 2017, I’d like to review security headlines in 2016 by referring to the...

    Read more

  • PHP Files in CMS, Targeted for Alteration Incident
    PHP Files in CMS, Targeted for Alteration
    JPCERT/CC has been continuously observing cases where websites in Japan created with Content Management Systems (hereafter “CMS”) are defaced in a similar way, and the same kind of cases are also observed overseas [1], [2]. In these cases, part of the PHP files composing the CMS are altered, and this results in defacement of the website contents [3]. Based on the analysis of several cases, this entry today describes the...

    Read more

  • Windows Commands Abused by Attackers Incident
    Windows Commands Abused by Attackers
    Hello again, this is Shusei Tomonaga from the Analysis Center. In Windows OS, various commands (hereafter “Windows commands”) are installed by default. However, what is actually used by general users is just a small part of it. On the other hand, JPCERT/CC has observed that attackers intruding into a network also use Windows commands in order to collect information and/or to spread malware infection within the network. What is worth...

    Read more

  • Emdivi and the Rise of Targeted Attacks in Japan Incident
    Emdivi and the Rise of Targeted Attacks in Japan
    You may well have heard of the May cyber attack in Japan against the Japan Pension Service – a high-profile case seen in the first half of this year, where 1.25 million cases of personal data was exposed. According to the Japan Pension Service, the data leaked included names and ID numbers, and for some cases, dates of birth and home addresses. The official reports(1) say that the massive leak...

    Read more

  • VPN Servers Altered by Attacker Leading to Scanbox, a Reconnaissance Framework Incident
    VPN Servers Altered by Attacker Leading to Scanbox, a Reconnaissance Framework
    Hi, it’s Shusei Tomonaga again from the Analysis Center. JPCERT/CC has confirmed several attack cases around May 2015, which attempt to steal information of computers leveraging specific network devices featuring VPN server functions. The target of the reconnaissance varies from installed software to keylogs, and it is presumed that the attacker has aimed to steal such information from computers which attempt to login to VPN servers through altered login pages....

    Read more

  • A local awareness raising campaign launched to mitigate “password list-based attack” Incident
    A local awareness raising campaign launched to mitigate “password list-based attack”
    Konnichiwa, this is Kaori at Global Coordination Division. On September 17th, JPCERT/CC and Information-technology Promotion Agency (IPA) of Japan have jointly issued a notice to raise public awareness to refrain from using a single password for multiple online services. On the same day, JPCERT/CC, as our sole initiative, has launched a local campaign to further promote this practice by having the enterprise supporters to directly encourage their users. This password...

    Read more