• Netenrich
  • /
  • Blog
  • /
  • KNOW What Happened This Week: BokBot, APT29 The Dukes, CVE-2021-28310

KNOW What Happened This Week: BokBot, APT29 The Dukes, CVE-2021-28310

Post by Sneden Michael Apr 16, 2021

Gut feelings are good…but they don’t seem to work well when taking cybersecurity decisions. These decisions need more data, insights, and context, and we have made it so much more easier. Here’s the week’s cyber news for you with the overview, context, and trending social media posts. KNOW, a threat intelligence platform and cybersecurity news aggregator has identified BokBot, APT29 The Dukes, and CVE-2021-28310 to be trending in the last week.

BokBot – Malware Of The Week

BokBot is more commonly known as IcedID also bears similarities to Emotet. This modular malware started as a banking trojan used to steal banking information and now is working as a dropper to launch other malwares. This malware has been increasingly shared through email campaigns and with Microsoft Excel Spreadsheets and website contact forms.

If opened, targets will be asked to enable content if they want to view the message. The malware has Excel 4 macros embedded, and it allows macro formulas to execute if enabled by the users. The messaging uses strong and urgent language pressuring the user to act immediately according to a recent post from Microsoft.

BokBot Trends From KNOW

bokbot trends from KNOW in last 7 days

Total references: 493

Last 60 days: 101

Last 7 days: 41

Twitter Reactions to BokBot

#1. Chris Pardue

#2. Francesco Bussoletti

#3. James Griffiths

APT29 The Dukes – Threat Actor of The Week

Widely known as COZY BEAR or CozyDuke, APT29 The Dukes is the adversary group that was successful in infiltering the unclassified network of State Department, White House, and US Joint Chiefs of Staff. Adding more to the list, the group targeted organizations across energy, defense, financial, extractive, manufacturing, insurance, universities, research and technologies, and pharmaceuticals. To successfully bypass the security solution, this group extensively focuses on the technique of ‘living-off-the-land’.

Why is APT29 The Dukes Trending?

America has officially blames Russian Government for multiple hacks carried out against SolarWinds. The accusation comes from a joint board committee including Cyber and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI). The UK has also attributed this attack to Russian Government. According to the official press release, the US authorities sanctioned multiple new authorities to confront Russia’s growing and continued malign behavior.

APT29 References From KNOW

APT29 the dukes references taken from KNOW

Total references: 4000

Last 60 days: 206

Last 7 days: 57

Twitter Reactions to APT29 The Duke

#1. Carlos Lopez

#2. Brian Kime

CVE-2021-28310 – Vulnerability of The Week

CVE-2021-28310 recently hit the news when Microsoft released patches for 110 security holes from which 88 were considered important and 19 were classified as critical in severity. Microsoft had a busy start to the week while extinguishing five zero-day vulnerabilities. The vulnerability was in active attack and as Microsoft was applying more patches to it’s already under fire Microsoft Exchange Server Software. Microsoft marks this vulnerability type as less likely to be exploited but security researchers highlight the importance of quickly patching and remediating any RCE vulnerabilities on the system. This vulnerability includes:

    • CVE-2021-28480
    • CVE-2021-28481
    • CVE-2021-28482
    • CVE-2021-28483

Twitter Reactions to CVE-2021-28310


#2. IT Security News

Stay in The KNOW

As a cybersecurity professional gut feeling is the last awesome feeling that you want to go with when deciding the vulnerabilities and exposures to protect your organization from. KNOW is the threat intelligence and trending cybersecurity news aggregator platform to help you stay up-to-date. The threat intelligence platform extracts billions of data points and correlates relevant intelligence and insights from expert analysts to help you follow, search, and act on the threats in a fraction of time it takes you now.

KNOW is completely FREE. Sign up and get the most trending and relevant cybersecurity insights.



Sneden Michael

About the Author

Sneden Michael

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!

Related Post

A person with hoodie typing on a computer keyboard
Apr 02 2021

Cybersecurity Pulse in March – Black KingDom, Sodinoki

A quick look at the most trending cybersec news an...

Read More
A photographer sitting at the edge of a building looking at his camera
Mar 25 2021

Sodinokibi, HAFINUM, and CVE-2021-22986 – KNOW What Ha

HAFINUM attacks Microsoft Servers, F5 releases pat...

Read More
Side view of a man wearing hoodie with binary numbers code shone on his face
Jan 08 2021

CVE-2020-29583 – Do You KNOW This Vulnerability?

According to the researchers, around 100,000 Zyxel...

Read More