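Forwarded: National Information Sharing and Analysis Center (N-ISAC) cybersecurity alert NISAC-400-202512-00000018
[Description]
The National Institute of Cyber Security (NICS) recently received external intelligence that attackers are sending social engineering emails that use administrative litigation as a pretext, luring recipients into opening, downloading, and executing malicious attachments.
Organizations are advised to strengthen their defenses and notify all units to stay alert and avoid clicking email attachments and links, to prevent compromise. Known characteristics of the attack emails are listed below; for the related indicators of compromise, see the attachment.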
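1. Subject line used by the attacker: [agency name]
2. Related malicious relay servers: giugh9ygiuhljbgh-1328314126[.]cos[.]ap-tokyo[.]myqcloud[.]com, 202[.]79[.]168[.]155
3. SHA1 hashes of the malicious attachments: 770e64e02d2cf2cac30d6074c201d44279996cbc, e69b347f9608abaf31cab02f0a34b3dfa1d7c872
Note: The domain names are written with "[.]" as a separator so that an accidental click does not trigger a connection.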
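[Recommended Measures]
1. Network administrators should consult the indicators of compromise and make sure firewalls are updated to block the malicious relay servers.
2. Watch for suspicious email, verify that the sender is genuine, and do not open email or attachments from unknown sources.
3. Install antivirus software and update it to the latest virus definitions. Scan email attachments with antivirus software before opening them and confirm the attachment's file type. Be on alert if the file name contains anomalous characters (such as lnk, rcs, exe, moc, which are executable file extensions in reversed order).
4. Strengthen internal awareness campaigns and raise staff security awareness to guard against attackers using email for social engineering.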
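The file name check in measure 3 can be automated at a mail gateway or triage script. The following Python sketch is an added example, not part of the advisory; it assumes the reversed extensions are produced with the Unicode right-to-left override (U+202E), the function names are hypothetical, and the sample names are constructed.

```python
import unicodedata

# Strings the advisory lists as reversed executable extensions in file names.
ADVISORY_TOKENS = ("lnk", "rcs", "exe", "moc")
# Assumption: the extensions those strings stand for when read normally.
EXECUTABLE_EXTS = {"lnk", "scr", "exe", "com"}
# Unicode bidirectional classes of embedding, override and isolate controls.
BIDI_CONTROLS = {"RLO", "LRO", "RLE", "LRE", "PDF", "RLI", "LRI", "FSI", "PDI"}
RLO = "\u202e"


def strip_controls(text: str) -> str:
    return "".join(c for c in text if unicodedata.bidirectional(c) not in BIDI_CONTROLS)


def displayed_name(name: str) -> str:
    """Approximate what a user sees: text after U+202E is drawn right to left."""
    head, sep, tail = name.partition(RLO)
    return head + strip_controls(tail)[::-1] if sep else name


def check_attachment_name(name: str) -> list[str]:
    """Return the reasons an attachment file name deserves a closer look."""
    reasons = []
    if any(unicodedata.bidirectional(c) in BIDI_CONTROLS for c in name):
        reasons.append("bidi-control-character")
    stored = strip_controls(name)  # the name as the file system stores it
    real_ext = stored.rpartition(".")[2].lower() if "." in stored else ""
    if real_ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension:" + real_ext)
    shown = displayed_name(name)
    stem = shown.rpartition(".")[0].lower() if "." in shown else shown.lower()
    if stem.endswith(ADVISORY_TOKENS):
        reasons.append("reversed-extension-in-name")
    return reasons


# Constructed sample names, not taken from the advisory or its IoC file.
SAMPLES = [
    "court_notice\u202efdp.scr",  # shown to the user as court_noticercs.pdf
    "summons\u202excod.exe",      # shown to the user as summonsexe.docx
    "hearing_schedule.pdf",
    "judgment.pdf.lnk",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", displayed_name(sample), check_attachment_name(sample))
```

The display logic is a simplification of the Unicode bidirectional algorithm and only models a single U+202E override; any name that returns a non-empty list should be held for inspection rather than trusted by its apparent extension.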
[References]
Attachment - Social engineering attack IOC: https://cert.tanet.edu.tw/pdf/report_IoC_1210.csv