North Korean Actors Behind Active Exploitation of TeamCity Vulnerability
Attack Report. Summary: The North Korean threat actors Lazarus and its subgroup Andariel are actively exploiting CVE-2023-42793, an authentication bypass vulnerability in TeamCity; after successful exploitation, an attacker can perform remote code execution …
A Longstanding Zero-Day in Citrix Devices Exploited Since August
Vulnerability Report. Summary: A zero-day exploit, “Citrix Bleed,” identified as CVE-2023-4966, has been actively targeting critical vulnerabilities in Citrix NetScaler ADC/Gateway devices since late August 2023. This exploit has the potential to allow attackers …
Kimsuky Unveils New Addition to Its Malware Arsenal
Actor Report. Summary: Kimsuky, a cyber-espionage group, is known for infiltrating via spear-phishing attacks and is recognized for its versatility in using various types of malware and tools to facilitate remote control during their …
Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Attack Report. Summary: A series of phishing attacks linked to a Russian state-sponsored group leverages a WinRAR vulnerability to steal data, including browser credentials, via PowerShell commands and exfiltrates it through a legitimate service. …
BbyStealer’s Tactic for Targeting VPN Users
Attack Report. Summary: The BbyStealer malware resurfaces and orchestrates a sophisticated information-theft campaign, utilizing numerous phishing domains to target users of VPN applications engaged in downloading activities, with a focus on collecting sensitive information. …
Unpatched Zero-Day Vulnerability Actively Exploited in Cisco IOS XE
Vulnerability Report. Summary: The critical, unpatched security vulnerability identified as CVE-2023-20198 affects Cisco IOS XE software. Cisco IOS XE is a network operating system used in Cisco network devices. The identified flaw is an …
Lazarus Group’s Targeted Attacks on Korean Sectors
Attack Report. Summary: Lazarus, a state-sponsored threat group, has been employing sophisticated tactics like spear phishing and supply chain attacks and utilizing various types of malware for control. To receive real-time threat advisories, …
A New XorDDoS Linux Trojan That Launches Powerful DDoS Attacks
Attack Report. Summary: The XorDDoS Trojan, a Linux-based malware, orchestrates DDoS attacks through infected devices, with a recent campaign detected in 2023. Attackers employ scanning, persistence, and C2 infrastructure changes, requiring advanced detection to …
Storm-0978 unleashes PEAPOD to target Women Political Leaders
Attack Report. Summary: Storm-0978, a threat actor group, utilized a new variant of the RomCom backdoor, “ROMCOM 4.0”, also referred to as PEAPOD, to target attendees of the Women Political Leaders (WPL) Summit in Brussels. This …
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twenty executed attacks, two instances of adversary activity, and fourteen vulnerabilities, including two zero-day …