Summary of Vulnerabilities, Actors & Attacks: April 2024
Summary of Vulnerabilities, Actors & Attacks: April 2024
| Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Targeted Countries | Targeted Industries | MITRE ATT&CK TTPs |
| 23 | 15 | 34 | 232 | 24 | 221 |
Summary
In April, the cybersecurity landscape witnessed a surge in attention due to the discovery of eight zero-day vulnerabilities. Notably, one of these vulnerabilities (CVE-2024-3400) in Palo Alto Networks PAN-OS was exploited by the UTA0178 group, allowing unauthenticated attackers to execute code with root privileges, leading to full device control.
During the same period, ransomware attacks experienced a noticeable uptick, with strains such as LockBit 3.0, KageNoHitobito, DoNex, and Akira actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.
In parallel, sixteen adversaries were active across diverse campaigns. STORM-1849, a group of stateaffiliated operatives, has masterminded ArcaneDoor, an intricately crafted cyber espionage endeavor. Since November 2023, this operation has strategically aimed at governmental and critical infrastructure networks on a global scale, leveraging two zero-day vulnerabilities present in Cisco ASA and FTD firewalls. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.
Download the pdf file to learn more
