Cert SE (Swedish CERT) has published news about an observed attack against Windows systems. We have also received questions from concerned Swedish customers. For that reason, we are publishing this information about our actions for our SOC/MSS customers:

  • We have searched for related IoCs in available logs (SuperVision SOC 360)
  • We have informed and checked our vendor reputation about the above IoCs for proactive detection/protection (SuperVision Endpoint and Perimeter)
  • We have proactively blocked domain names in our endpoint protection service (SuperVision Endpoint)

Information from Cert SE (in Swedish)

Regards,
Tieto SOC SE, Mikael Fryksten