Technology

OPSWAT Academy to Launch Onsite Trainings in 2024 Commencing in Dubai

Irfan Shakeel, VP of Training and Certifications at OPSWAT

OPSWAT announced today that it will be launching OPSWAT Academy Bootcamp, a three-day instructor-led training program starting in April 2024.

The OPSWAT Academy Bootcamp is an extension of OPSWAT Academy, an interactive and comprehensive cybersecurity training platform designed to educate and certify cybersecurity professionals responsible for safeguarding critical environments. With over 50,000 certified professionals to date, OPSWAT Academy has consistently set the standard for excellence in CIP cybersecurity training.

The inaugural in-person trainings will be conducted globally, commencing in Dubai, followed by Romania, the U.S., Singapore, the U.K. and Australia. This strategic global approach aims to provide accessibility to cybersecurity professionals worldwide, fostering a collaborative learning environment and further solidifying OPSWAT’s commitment to enhancing CIP cybersecurity skills globally.

“The goal of OPSWAT Academy Bootcamp is to empower our customers and the cybersecurity community to unlock the full potential of OPSWAT products through immersive, lab-based training programs,” stated Irfan Shakeel, Vice President of Training and Certification Services at OPSWAT. “By expanding our offerings to include live, instructor-led training, we are taking a significant step towards equipping cybersecurity professionals with the practical skills and knowledge required to safeguard critical infrastructure effectively.”

OPSWAT Academy Bootcamp training will cover a comprehensive range of topics, including policy and product configurations, deployments and configurations, and customizations – ensuring participants gain a deep understanding of OPSWAT products and their applications in real-world scenarios. The curriculum is carefully designed to provide a hands-on experience, allowing attendees to enhance their expertise and stay ahead in the rapidly evolving cybersecurity landscape.

Upon successful completion of the training program, attendees will be awarded an OPSWAT Academy certification, a testament to their proficiency in CIP and OPSWAT products.

As the cybersecurity landscape continues to evolve, OPSWAT remains dedicated to providing cutting-edge training programs that empower professionals to safeguard critical infrastructure against emerging threats.


Tech News

Toshiba Announces MG10-D Series of Enterprise HDDs with Capacities up to 10TB

Toshiba Electronics Europe GmbH (Toshiba) announces the release of its MG10-D Series, a family of air-filled conventional magnetic recording (CMR) HDDs supporting SAS and SATA interfaces and capacities of up to 10TB. Crafted with precision engineering and over 50 years of Toshiba experience, the MG10-D Series delivers improved performance and power efficiency over prior generations. With sanitize instant erase (SIE) and self-encrypting drive (SED) options, valuable data is safeguarded by a storage solution known for its robust performance and unwavering dependability.

Built for the increasing application demands of enterprise server and storage solutions, the MG10-D Series delivers a new level of performance. For example, compared with the previous model, the new 10TB MG10ADA10TE provides an approximately 13% better maximum sustained transfer speed of 268MiB/s and doubles the cache buffer size to 512MiB. It also reduces power consumption in active idle mode by approximately 21%, to 5.74W. Architected to deliver improved total cost of ownership (TCO), the new MG10-D Series fits seamlessly into a wide variety of business-critical applications, such as email, data analytics, data retention, and surveillance.

“Toshiba’s MG10-D Series delivers exceptional performance to meet the demands of growing business critical applications. The new cutting-edge design of the MG10-D Series is engineered for sustainable enterprise environments and fits seamlessly into existing infrastructure reducing TCO,” said Larry Martinez-Palomo, Vice President, Head of Storage Products Division at Toshiba.

The MG10-D Series is a 5-disk CMR standard 3.5-inch, 7200 RPM air-filled platform. Available capacities are 2TB, 4TB, 6TB, 8TB, and 10TB for both SAS and SATA. SATA is also available in a 1TB drive. The series supports 6Gb/s SATA or 12Gb/s SAS interface options in Advanced format 512e and 4Kn. A 512n option is available on the 1TB, 2TB, and 4TB offerings to support legacy systems with native 512 byte block sizes. Designed for 24×7 enterprise reliability, the MG10-D Series has a workload rating of 550TB, an AFR of 0.44% and an MTTF/MTBF of 2M hours.

The MG10-D Series will be available in CQ3.

MG10-D Series

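| Capacity | Interface | Format | Model Number | Optional Security |
|---|---|---|---|---|
| 10 TB | SATA-3.3 | 512e/4Kn [7] | MG10ADA10TE | SIE/SED [2] |
| 8 TB | SATA-3.3 | 512e/4Kn [7] | MG10ADA800E | SIE/SED [2] |
| 6 TB | SATA-3.3 | 512e/4Kn [7] | MG10ADA600E | SIE/SED [2] |
| 4 TB | SATA-3.3 | 512e/4Kn [7] | MG10ADA400E | SIE/SED [2] |
| 2 TB | SATA-3.3 | 512e/4Kn [7] | MG10ADA200E | SIE/SED [2] |
| 4 TB | SATA-3.3 | 512n | MG10ADA400N | SIE/SED [2] |
| 2 TB | SATA-3.3 | 512n | MG10ADA200N | SIE/SED [2] |
| 1 TB | SATA-3.3 | 512n | MG10ADA100N | SIE/SED [2] |
| 10 TB | SAS-3.0 | 512e/4Kn [7] | MG10SDA10TE | SIE/SED [2] |
| 8 TB | SAS-3.0 | 512e/4Kn [7] | MG10SDA800E | SIE/SED [2] |
| 6 TB | SAS-3.0 | 512e/4Kn [7] | MG10SDA600E | SIE/SED [2] |
| 4 TB | SAS-3.0 | 512e/4Kn [7] | MG10SDA400E | SIE/SED [2] |
| 2 TB | SAS-3.0 | 512e/4Kn [7] | MG10SDA200E | SIE/SED [2] |
| 4 TB | SAS-3.0 | 512n | MG10SDA400N | SIE/SED [2] |
| 2 TB | SAS-3.0 | 512n | MG10SDA200N | SIE/SED [2] |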

Tech News

ASBIS celebrated its 32nd partnership anniversary with Seagate partners

ASBIS Middle East, a subsidiary of ASBISC Enterprises PLC, recently celebrated the 32-year anniversary of its distribution partnership with Seagate. Notably, Seagate was the first global IT vendor with whom ASBIS signed a distribution agreement in 1992, marking the start of a longstanding and successful collaboration between the two companies.

The anniversary event was held on the 25th of June at the Doubletree by Hilton hotel in Dubai. The event comprised several elements, including presentations by Arnab Majumdar, Country Manager – Kingdom of Saudi Arabia for Seagate, who showcased the latest solutions offered by Seagate. Additionally, Mr. Hesham Tantawi shared a summary of the principal milestones achieved by the two companies in their partnership. The event also included contributions from Mohit Pandey, Head of Sales META at Seagate Technology, and concluded with a celebratory cake-cutting ceremony with 200 valuable partners.

Over the past three decades, ASBIS has delivered impressive outcomes for its partners and upheld its status as the primary Seagate distributor in the EMEA region. The collaboration has progressed from distributing standard HDD, SSD, and external drives to incorporating more intricate and advanced solutions.


Tech Features

In the Crosshairs of APT Groups: A Feline Eight-Step Kill Chain

By Alexander Badaev, Information security threat researcher, Positive Technologies Expert Security Center and Yana Avezova, Senior Research Analyst, Positive Technologies

In cybersecurity, “vulnerability” typically evokes concern. One actively searches for it and patches it up to build robust defenses against potential attacks. Picture a carefully orchestrated robbery, where a group of skilled criminals thoroughly examines a building’s structure, spots vulnerabilities, and crafts a step-by-step plan to breach security and steal valuables. This analogy perfectly describes the modus operandi of cybercriminals, with the “kill chain” acting as their detailed blueprint.

In a recent study, analysts from Positive Technologies gathered information on 16 hacker groups attacking the Middle East, analyzing their techniques and tactics. It is worth noting that most of the threats in Middle Eastern countries come from groups believed to be linked to Iran—groups such as APT35/Charming Kitten or APT34/Helix Kitten. Let’s see how APT groups operate, how they initiate attacks, and how they develop them toward their intended targets.

Step 1: The Genesis of Intrusion (Attack preparation)

It all begins with meticulous planning and reconnaissance. APT groups leave no stone unturned in their quest for vulnerable targets. They compile lists of public systems with known vulnerabilities and gather employee information. For instance, groups like APT35 (aka Charming Kitten), known for targeting mainly Saudi Arabia and Israel, gather information about employees of target organizations, including mobile phone numbers, which they leverage for nefarious purposes like sending malicious links disguised as legitimate messages. After reconnaissance, they prepare tools for attacks, such as registering fake domains and creating email or social media accounts for spear phishing. For example, APT35 registers accounts on LinkedIn and other social networks to contact victims, persuading them through messages and voice calls to open malicious links.

Step 2: The Initial Access: Gaining a Foothold

Once armed with intelligence, cybercriminals proceed to gain initial access to their target’s network. Phishing campaigns, often masquerading as legitimate emails, serve as the primary means of infiltration. An example is the Desert Falcons group, observed spreading their malware through pornographic phishing. Notably, some groups go beyond traditional email phishing, utilizing social networks and messaging platforms to lure unsuspecting victims, as seen with APT35, Bahamut, Dark Caracal, and OilRig. Moreover, techniques like the watering hole method, where attackers compromise trusted websites frequented by their targets, further highlight the sophistication of these operations. Additionally, attackers exploit vulnerabilities in resources accessible on the internet to gain access to internal infrastructure. For example, APT35 and Moses Staff exploited ProxyShell vulnerabilities on Microsoft Exchange servers.

Step 3: Establishing Persistence: The Art of Concealment

Having breached the perimeter, APT groups strive to establish a foothold within the victim’s infrastructure, ensuring prolonged access and control. This involves deploying techniques such as task scheduling, as seen in the campaign against the UAE government by the OilRig group, which created a scheduled task triggering malicious software every five minutes. Additionally, many malicious actors set up malware autostart, like the Bahamut group creating LNK files in the startup folder or Dark Caracal’s Bandook trojan. Some APT groups, such as APT33, Mustang Panda, and Stealth Falcon, establish themselves in victim infrastructures by creating subscriptions to WMI events for event-triggered execution. Furthermore, attackers exploit vulnerabilities in server applications to install malicious components like web shells, which provide a backdoor for remote access and data exfiltration.
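Two of the persistence methods above, the short-interval scheduled task and the LNK file in a startup folder, can be hunted for in endpoint telemetry. The following is an added example, not part of the original article; the 15-minute cut-off, the list of user-writable paths and all sample records are assumptions constructed for illustration.

```python
import re

MAX_SUSPICIOUS_MINUTES = 15      # assumption: flag tasks repeating at most this often
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # assumption: illustrative
STARTUP_SUFFIX = "\\start menu\\programs\\startup"

# Constructed telemetry: schtasks command lines and file-creation paths.
SAMPLE_COMMANDS = [
    r'schtasks /create /tn "DailyBackup" /sc daily /st 02:00 /tr "C:\Program Files\Backup\run.exe"',
    r'schtasks /create /tn "SyncHelper" /sc minute /mo 5 /tr "C:\Users\Public\sync.exe"',
]
SAMPLE_FILES = [
    r"C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk",
    r"C:\Users\carol\Desktop\notes.lnk",
]

def parse_schtasks(cmdline):
    """Map each /switch (lower-cased) to the value that follows it, if any."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    opts = {}
    for tok, nxt in zip(tokens, tokens[1:] + [""]):
        if tok.startswith("/"):
            opts[tok.lower()] = "" if nxt.startswith("/") else nxt
    return opts

def risky_task(cmdline):
    """True for a task that repeats every few minutes from a user-writable path."""
    o = parse_schtasks(cmdline)
    if "/create" not in o or o.get("/sc", "").lower() != "minute":
        return False
    mo = o.get("/mo", "")
    interval = int(mo) if mo.isdigit() else 1   # schtasks defaults the modifier to 1
    target = o.get("/tr", "").lower()
    return interval <= MAX_SUSPICIOUS_MINUTES and any(p in target for p in USER_WRITABLE)

def startup_shortcut(path):
    """True for a .lnk file created inside a Startup folder."""
    folder, _, name = path.lower().rpartition("\\")
    return name.endswith(".lnk") and folder.endswith(STARTUP_SUFFIX)

def persistence_findings(commands, files):
    return ([("scheduled_task", c) for c in commands if risky_task(c)] +
            [("startup_lnk", f) for f in files if startup_shortcut(f)])

if __name__ == "__main__":
    for kind, detail in persistence_findings(SAMPLE_COMMANDS, SAMPLE_FILES):
        print(kind, "->", detail)
```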

Step 4: Unraveling the Network: Internal Reconnaissance

After breaking in, APT groups don’t just sit there. They explore the system like a thief casing a house to find valuables and escape routes. This digital reconnaissance involves several steps. First, they perform an inventory check, identifying the computer’s operating system, installed programs, and updates, like figuring out a house’s security measures. For instance, APT35 might use a simple command to see if the computer is a powerful 64-bit system, capable of handling more complex tasks. Second, they map the network layout, akin to identifying valuable items and escape routes. APT groups might use basic tools like “ipconfig” and “arp” (like Mustang Panda) to see how devices are connected and communicate. They also search for user accounts and activity levels, understanding who lives in the house (figuratively) and their routines. Malicious tools, like the Caterpillar web shell used by Volatile Cedar, can list all usernames on the system. Examining running programs is another tactic, like checking for security guards. Built-in commands like “tasklist” (used by APT15 and OilRig) can reveal a list of programs currently running.

Finally, APT groups might deploy programs that hunt for secrets hidden within files and folders, like searching for hidden safes or documents. The MuddyWater group, for example, used malware that specifically checked for directories or files containing keywords related to antivirus software. By gathering this comprehensive intel, APT groups can craft targeted attacks, steal sensitive data like financial records or personal information, or exploit vulnerabilities in the system to cause even more damage.
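Each of the built-in commands named in this step is harmless on its own; what stands out to a defender is several of them run by one account on one host within a short time. The following is an added example, not part of the original article; the event format, the 120-second window and the three-tool threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Built-in discovery utilities named in the article.
DISCOVERY_TOOLS = {"ipconfig.exe", "arp.exe", "tasklist.exe"}
WINDOW = timedelta(seconds=120)   # assumption: tune per environment
THRESHOLD = 3                     # distinct tools needed to raise an alert

# Constructed process-creation events: "timestamp|host|user|image|command line"
SAMPLE_EVENTS = """\
2024-05-01T09:00:05|WS-014|alice|C:\\Windows\\System32\\ipconfig.exe|ipconfig /all
2024-05-01T09:14:40|WS-014|alice|C:\\Windows\\System32\\tasklist.exe|tasklist
2024-05-01T11:02:01|SRV-03|svc_web|C:\\Windows\\System32\\ipconfig.exe|ipconfig /all
2024-05-01T11:02:09|SRV-03|svc_web|C:\\Windows\\System32\\arp.exe|arp -a
2024-05-01T11:02:15|SRV-03|svc_web|C:\\Windows\\System32\\tasklist.exe|tasklist /v
2024-05-01T11:02:30|SRV-03|svc_web|C:\\Windows\\System32\\ipconfig.exe|ipconfig
"""

def parse(line):
    ts, host, user, image, cmd = line.split("|", 4)
    tool = image.rsplit("\\", 1)[-1].lower()
    return datetime.fromisoformat(ts), host, user, tool, cmd

def find_discovery_bursts(text):
    """Return one alert per (host, user) whose distinct discovery tools
    reach THRESHOLD inside a sliding WINDOW."""
    recent = defaultdict(deque)          # (host, user) -> deque of (time, tool)
    alerted, alerts = set(), []
    events = sorted(parse(l) for l in text.splitlines() if l.strip())
    for ts, host, user, tool, _cmd in events:
        if tool not in DISCOVERY_TOOLS:
            continue
        key = (host, user)
        q = recent[key]
        q.append((ts, tool))
        while q and ts - q[0][0] > WINDOW:   # drop events older than the window
            q.popleft()
        tools = sorted({t for _, t in q})
        if len(tools) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "user": user, "tools": tools,
                           "first_seen": q[0][0].isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in find_discovery_bursts(SAMPLE_EVENTS):
        print(alert)
```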

Step 5: Harvesting Credentials: Unlocking the Vault

Access to privileged credentials is the holy grail for cyber attackers, granting them unrestricted access to critical systems and data. One common tactic is “credential dumping,” where tools like Mimikatz (used by APT15, APT33, and others) snatch passwords directly from a system’s memory, similar to stealing a key left under a doormat. Keyloggers, used by APT35 and Bahamut for example, act like a hidden camera, silently recording keystrokes to capture usernames and passwords as victims type them in.

These stolen credentials grant access to even more sensitive areas. APT groups also exploit weaknesses in how passwords are stored. For instance, some target the Windows Credential Manager (like stealing a notepad with written down passwords). Brute-force attacks, trying millions of combinations, can crack weak passwords. Even encrypted passwords can be vulnerable if attackers have specialized tools. By employing these tactics, APT groups bypass initial security and access sensitive information or critical systems.

Step 6: Data Extraction: The Quest for Valuable Assets

Once inside, APT groups aren’t shy about snooping around. They leverage stolen credentials to capture screenshots, record audio and video (like hidden cameras and microphones), or directly steal sensitive files and databases. For instance, the Dark Caracal group employed Bandook malware, which can capture video from webcams and audio from microphones. This stolen data becomes their loot.

To ensure a smooth getaway, APT groups often employ encryption and archiving techniques. Imagine them hiding their stolen treasure chests—the Mustang Panda group, for example, encrypted files with RC4 and compressed them with password protection before shipping them out. This makes it difficult for defenders to identify suspicious activity amongst regular network traffic.

Step 7: Communication Channels: Establishing Control

APT groups rely on hidden communication channels with command-and-control (C2) servers to control infected machines and exfiltrate data. They employ various tactics to blend in with regular network traffic. This includes using common protocols (like IRC or DNS requests disguised as legitimate web traffic) and encrypting communication for further stealth.

However, some groups take it a step further. For instance, OilRig used compromised email servers to send control messages hidden within emails and then deleted them, making their C2 channel nearly invisible. These innovative techniques make it difficult for security measures to detect malicious activity, highlighting the importance of staying informed about evolving APT tactics.

Step 8: Covering Tracks: Erasing Digital Footprints

As the operation ends, APT groups meticulously cover their tracks to evade detection and prolong their presence in the compromised environment. Techniques like file obfuscation, masquerading, and indicator removal are employed to erase digital footprints and thwart forensic investigations. For example, the Bahamut group used icons mimicking Microsoft Office files to disguise malware, and the OilRig group used .doc file extensions to make malware appear as office documents. The Moses Staff group named their StrifeWater malware calc.exe to make it look like a legitimate calculator program.

To further bypass defenses, attackers often proxy the execution of malicious commands using files signed with trusted digital certificates. The APT35 group used the rundll32.exe file to execute the MiniDump function from the comsvcs.dll system library when dumping the LSASS process memory. Meanwhile, the Dark Caracal group employed a Microsoft Compiled HTML Help file to download and execute malicious files. Many APT groups also remove signs of their activity by clearing event logs and network connection histories, and changing timestamps. For instance, APT35 deleted mailbox export requests from compromised Microsoft Exchange servers. This meticulous cleaning makes it much more difficult for cybersecurity professionals to conduct post-incident investigations, as attackers often remove their arsenal of software from compromised devices after achieving their goals.
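The masquerading and proxy-execution cases in this step leave recognizable traces in process-creation logs. The following is an added example, not part of the original article: three detection rules applied to constructed records, where the rule names, watched file names, directory lists and record fields are all assumptions.

```python
import ntpath
import re

# Directories where Windows ships its own binaries (assumption: default install paths).
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
# System binary names worth watching; calc.exe is the case cited in the article.
WATCHED_NAMES = {"calc.exe", "rundll32.exe", "svchost.exe"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls"}
MINIDUMP_RE = re.compile(r"comsvcs(\.dll)?\b.*\bminidump\b", re.IGNORECASE)

# Constructed process-creation records (image path + command line).
SAMPLE = [
    {"host": "WS-021", "image": r"C:\Windows\System32\calc.exe", "cmd": "calc.exe"},
    {"host": "WS-021", "image": r"C:\Users\Public\calc.exe", "cmd": "calc.exe"},
    {"host": "EX-01", "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump <arguments elided>"},
    {"host": "WS-030", "image": r"C:\Users\bob\Downloads\report.doc", "cmd": "report.doc"},
    {"host": "WS-030", "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

def classify(event):
    """Return the list of rule names an event trips (empty list = clean)."""
    image = event["image"].lower()
    folder, name = ntpath.split(image)
    hits = []
    # Rule 1: rundll32 invoking MiniDump from comsvcs.dll (LSASS dump pattern).
    if name == "rundll32.exe" and MINIDUMP_RE.search(event["cmd"]):
        hits.append("comsvcs_minidump")
    # Rule 2: a system binary name running from outside the system directories.
    if name in WATCHED_NAMES and folder not in SYSTEM_DIRS:
        hits.append("masquerade_system_name")
    # Rule 3: a running process image whose extension claims to be a document.
    if ntpath.splitext(name)[1] in DOCUMENT_EXTS:
        hits.append("document_extension_executable")
    return hits

def scan(events):
    """Return (host, image, rule names) for every event that trips a rule."""
    return [(e["host"], e["image"], hits) for e in events if (hits := classify(e))]

if __name__ == "__main__":
    for host, image, hits in scan(SAMPLE):
        print(host, image, ", ".join(hits))
```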

Conclusion: A Call to Vigilance

In a nutshell, the threat landscape in the Middle East is fraught with peril, as APT groups continue to refine their tactics and techniques to evade detection and wreak havoc on unsuspecting organizations. By understanding the anatomy of cyber intrusions and remaining vigilant against emerging threats, organizations can bolster their defenses and mitigate the risks posed by these sophisticated adversaries. Together, let us remain steadfast in our commitment to safeguarding the digital frontier against cyber threats.


Copyright © 2023 | The Integrator