H-ISAC Finished Intelligence Reports TLP White, Dec 30, 2020

With recent reports indicating the compromise of Microsoft Azure/Office 365 services as an additional attack vector in the SolarWinds breach, the US Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) has created a free PowerShell-based tool used for the detection of potentially compromised applications and accounts in Azure/Microsoft 365 environments.

The tool, Sparrow, is intended for use by analysts, network defenders and incident responders. It is neither comprehensive nor exhaustive of available data, and is intended to narrow a larger set of available investigation modules and telemetry to those specific to recent attacks on federated identity sources and applications. For more information, please reference the attached alert as well as Health-ISAC's briefing on the matter covered in the Daily Cyber Headlines available here

Key Resources

Related Resources

Guides/Reports
HC3 TLP Clear: Privileged User Compromise
Public
Special Bulletin
Red Cross, America’s Blood Centers, AABB Say U.S. Faces Critical Blood and Platelet Shortages
Public
Advancing Health Podcast
Going International: The FBI's Global Fight Against Cybercrime
Public
Advisory
American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White
Public
Advisory
Hospitals in Florida, Other States Impacted by Effects of Cyberattack on Blood-donation Nonprofit OneBlood
Member
Guides/Reports
CLEAR Crisis Leadership Tip Sheets