Faith-Based Daily Awareness Post 16 February 2024

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Exclusive: Death threats to rabbi trigger crackdown on universities

The UK’s higher education minister Robert Halfon has said that the government now plans to introduce a “seal of quality” awarded only to universities that adhere to “the highest standards in dealing with antisemitism”. In addition, there will be a new government post of Expert Adviser on Antisemitism in Higher Education.

Last week, two days before it emerged that Leeds University’s Jewish chaplain had gone into hiding on police advice, pro-Palestinian protesters at Birmingham University were heard to call for Zionists to “burn”. One Jewish student at Brunel University, who did not wish to be named, said a Palestinian woman told her: “I’m an extremist, I’m proud of it, I don’t think your people should be alive.”

Analyst Comments:

The new post being created by the government will be filled by a senior academic “who commands respect in both universities and the Jewish community” and who would liaise between university chiefs and the government, Halfon said. There will also be official government guidelines setting out what was required, and how policies against antisemitism should be enforced.

These updates come as as Jewish security group CST reports that antisemitism in the UK in 2023 was the worst on record, including an unprecedented 266 physical assaults.

FBI FLASH: Identification and Disruption of the Warzone Remote Access Trojan (RAT)

The FBI is releasing this FLASH to disseminate indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Warzone Remote Access Trojan (RAT), also identified as “Ave Maria” through open-source reporting and FBI investigation. On 7 February 2024, the FBI and international partners executed a coordinated operation to disrupt Warzone RAT infrastructure worldwide. The FBI is releasing this product to maximize awareness on the service and to seek additional reporting from victims.

Analyst Comments:

The following are strings that can be used to identify and detect unpacked Warzone payload inside memory:

• “warzone160\x00”
  • Encryption password/key for communication with C2 server
• “Ave_Maria Stealer”
  • String in the binary code of the RAT
• “nevergonnagiveyouup”
  • Encryption password/key for communication with the C2 server

The following are other embedded communication passwords identified through the FBI’s analysis of data associated with the malware:

• “warzoneTURBO”
• “MushroomFunguy”
• “doghoroscopes”