Cyber Risk in the Non Profit Sector

Understand more about cyber risk in this sector.

Cyber Risk Graph

Explore how this sector relates to the wider risk graph

Threat Reports

Publicly available threat reporting on cyber attacks against Non Profit.

Report

Silk Typhoon targeting IT supply chain

Silk Typhoon is a sophisticated Chinese state-sponsored espionage group tracked by Microsoft Threat Intelligence. The group has been identified as ...

View Source

Report

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

This blog post by researchers at Cisco Talos outlines a malicious campaign which they identified targeting a government affiliated research ...

View Source

Report

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

This blog post by researchers at Microsoft Threat Intelligence outlines activity they observed by Forest Blizzard using a tool they named ...

View Source

Report

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

This blog post from Proofpoint's Threat Research Team details the TA427 group who they link to Kimsuky and attribute to North Korea. TA427 conduct ...

View Source

Report

APT44: Unearthing Sandworm

This report from researchers at Mandiant marks the graduation of the Sandworm intrusion set to the Mandiant APT label: APT44. It provides a ...

View Source

Report

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

This blog post by researchers at Mandiant describes how the threat actor UNC5174 exploited vulnerabilities in F5 BIG-IP appliances and Connectwise ...

View Source

Report

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

This article by researchers at Trend Micro discusses an Advanced Persistent Threat (APT) group they name Earth Krahang who have been observed ...

View Source

Report

Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices

This report from Recorded Future's Insikt Group describes recent TTPs and infrastructure used for the deployment of the Predator spyware. Predator ...

View Source

Report

SVR cyber actors adapt tactics for initial cloud access

This advisory from the UK's National Cyber Security Centre (NCSC) outlines tactics, techniques and procedures (TTPs) used by the cyber actors ...

View Source

Report

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

Blog post from researchers at Trend Micro discussing Earth Lusca and potential links to Chinese contractor I-Soon. Earth Lusca is a China-linked ...

View Source

Report

TinyTurla Next Generation - Turla APT spies on Polish NGOs

'TinyTurla-NG' is a backdoor identified by Cisco Talos researchers which shows similarities to a previously used implant 'TinyTurla' - both used ...

View Source

Report

CharmingCypress: Innovating Persistence

This report by Volexity outlines campaigns conducted by the actor they call CharmingCypress (aka Charming Kitten). The report describes targeting ...

View Source

Report

HAFNIUM targeting Exchange Servers with 0-day exploits

In March 2021 Microsoft detected multiple zero-day exploits being used as part of a widespread campaign by HAFNIUM / Silk Typhoon. This report ...

View Source

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use against Non Profit.

Search:

ATT&CK ID	Title	Associated Tactics
T1083	File and Directory Discovery	Discovery
T1190	Exploit Public-Facing Application	Initial Access
T1070.004	File Deletion	Defense Evasion
T1572	Protocol Tunneling	Command and Control
T1059.004	Unix Shell	Execution
T1140	Deobfuscate/Decode Files or Information	Defense Evasion
T1222.002	Linux and Mac File and Directory Permissions Modification	Defense Evasion
T1049	System Network Connections Discovery	Discovery
T1601.001	Patch System Image	Defense Evasion
T1003.008	/etc/passwd and /etc/shadow	Credential Access
T1573.002	Asymmetric Cryptography	Command and Control
T1059	Command and Scripting Interpreter	Execution
T1105	Ingress Tool Transfer	Command and Control
T1027	Obfuscated Files or Information	Defense Evasion
T1016	System Network Configuration Discovery	Discovery
T1082	System Information Discovery	Discovery
T1531	Account Access Removal	Impact
T1095	Non-Application Layer Protocol	Command and Control
T1608.003	Install Digital Certificate	Resource Development
T1136.001	Local Account	Persistence
T1595.003	Wordlist Scanning	Reconnaissance
T1020	Automated Exfiltration	Exfiltration
T1566.002	Spearphishing Link	Initial Access
T1057	Process Discovery	Discovery
T1087.002	Domain Account	Discovery
T1036.007	Double File Extension	Defense Evasion
T1583.001	Domains	Resource Development
T1059.006	Python	Execution
T1210	Exploitation of Remote Services	Lateral Movement
T1003.001	LSASS Memory	Credential Access
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1110.003	Password Spraying	Credential Access
T1059.001	PowerShell	Execution
T1543.003	Windows Service	Persistence, Privilege Escalation
T1059.003	Windows Command Shell	Execution
T1586.002	Email Accounts	Resource Development
T1584.004	Server	Resource Development
T1112	Modify Registry	Defense Evasion
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1608.005	Link Target	Resource Development
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1036.005	Match Legitimate Name or Location	Defense Evasion
T1053.005	Scheduled Task	Execution, Persistence, Privilege Escalation
T1003.002	Security Account Manager	Credential Access
T1588.001	Malware	Resource Development
T1033	System Owner/User Discovery	Discovery
T1595.002	Vulnerability Scanning	Reconnaissance
T1588.003	Code Signing Certificates	Resource Development
T1592	Gather Victim Host Information	Reconnaissance
T1505.003	Web Shell	Persistence

Showing 1 to 50 of 93 entries