01.04.2020
COVID-19 CTI League launched to neutralize Corona related actors and attacks
A worldwide group of volunteering CTI experts, Incident responders and Industry experts have joined forces to identify, analyze and neutralize COVID-19 related hacks and phishing attacks. While the group evaluates all threats, it’s main focus will be working to combat hacks against medical facilities and other frontline responders to the pandemic.
CTI League aims to become one of the most reliable databases of Indicator of Compromise and global CTI sharing community where volunteers can find a secure place to share important information, and help each other with malware analysis, hunting queries and cyber investigations that can help the medical sector.
More specific towards services for the medical sector, CTI League volunteers help with takedown, triage or escalate the process; infrastructure protection, security incident investigation
In an interview with Reuters, one of the founding members Marc Rogers from Okta said the group had already dismantled one campaign that used a software vulnerability to spread malicious software. He declined to provide details, and said that in general the group would be reluctant to reveal what it was fighting.
Rogers said law enforcement had been surprisingly welcoming of the collaboration, allowing the Group to escalate cyber - attacks, malicious activity, critic vulnerabilities to agencies and the national CERTs (and vice versa).
COVID-19 CTI League is a restricted invite organization, founded by senior representatives from Okta, Microsoft and Israeli firm ClearSky Security. On their website, the group invites experts to join but asks them to complete a form for review.