The following hosts have been detected as being potentially breached based on data from SLC Security owned and operated sensors. We have decided that we would start publishing a daily list to help these organizations get their networks under control. While we believe these hosts to be breached, they may also be involved in hacking attempts on other entities or may be used by hackers as a jump point to conduct other attacks. The following list shows the bad entities for the last 24 hours. Our volunteers have detected the following attackers:
- doa.la.gov - Confirmed breached
- bonescan.bidmc.harvard.edu - Confirmed breached
We have previously reported on Harvard and now they are serving up APT29 malware samples. I would seriously hope they start to contain their incidents or we will be forced to start blocking them via DNS at client sites.
It appears as though doa.la.gov has removed the infected file and bonescan.bidmc.harvard.edu has been removed from DNS records, so it's no longer accessible.