APT41 - HOODOO, Wicked Panda

Affects:

Severity: HIGH

Productivity Impact: VERY LOW

Fix Estimate: 2-3 minutes

Research:

https://activedirectorypro.com/block-dangerous-file-attachments-in-exchange-online/

Summary:

APT41 sent spearphishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims.

Remediation details

Disable .CHM files as Email Attachments

  1. Navigate to https://security.microsoft.com/
  2. Click on Policies & Rules
  3. Select Threat Policies
  4. Select Anti-malware
  5. Click Edit Protection Settings
  6. Ensure common attachment filter is enabled
  7. Click Select file type
  8. Add .CHM

In addition to the above, a more detailed guide is available here: https://activedirectorypro.com/block-dangerous-file-attachments-in-exchange-online/
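
The same setting can be checked and applied from Exchange Online PowerShell. This is an added example, not part of the original advisory; it assumes the ExchangeOnlineManagement module is installed and `Connect-ExchangeOnline` has already been run, and it covers every anti-malware policy in the tenant rather than only the default one.

```powershell
# Added example: audit every anti-malware policy for the common attachment
# filter and the .chm file type, and stage the fix where either is missing.
# Assumes an existing session: Connect-ExchangeOnline

$extension = 'chm'   # file type named in the remediation steps above

foreach ($policy in Get-MalwareFilterPolicy) {
    # FileTypes is the blocked-extension list of the common attachment filter
    $types        = @($policy.FileTypes)
    $hasExtension = $types -contains $extension   # -contains is case-insensitive

    if ($policy.EnableFileFilter -and $hasExtension) {
        Write-Output "OK      $($policy.Name): filter enabled, .$extension blocked"
        continue
    }

    Write-Output ("REVIEW  {0}: EnableFileFilter={1}, .{2} listed={3}" -f `
        $policy.Name, $policy.EnableFileFilter, $extension, $hasExtension)

    # Append to the existing list so other blocked types are preserved;
    # passing only 'chm' would replace the whole list.
    if (-not $hasExtension) { $types += $extension }

    # -WhatIf shows the change without applying it; remove it after review.
    Set-MalwareFilterPolicy -Identity $policy.Identity `
        -EnableFileFilter $true `
        -FileTypes $types `
        -WhatIf
}
```

Custom policies take precedence over the default policy for the recipients they cover, so a tenant where only the default policy lists .chm can still deliver the attachment to users scoped into a custom policy.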

This Threat Is Automatically Protected By Overe Protect
