Original release date: September 1, 2020

This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.

Key Takeaways

When addressing potential incidents and applying best practice incident response procedures:

  • First, collect and remove for further analysis:
    • Relevant artifacts,
    • Logs, and
    • Data.
  • Next, implement mitigation steps that avoid tipping off the adversary that their presence in the network has been discovered.
  • Finally, consider soliciting incident response support from a third-party IT security organization to:
    • Provide subject matter expertise and technical support to the incident response,
    • Ensure that the actor is eradicated from the network, and
    • Avoid residual issues that could result in follow-up compromises once the incident is closed.


This product is provided subject to this Notification and this Privacy & Use policy.
