UNC4466 Attack Campaign Targets Veritas Backup Exec and Deploys ALPHV Ransomware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary UNC4466 conducted an attack campaign in late 2022, gaining initial access to an internet-exposed Windows server running Veritas Backup Exec and deploying the ALPHV ransomware, with over 8,500 potentially vulnerable IP …
Money Message Ransomware Strikes with Million-Dollar Demands
Threat Level Attack Report Summary ‘Money Message’ is a new ransomware group that targets victims all over the world, demanding million-dollar ransoms to avoid data leaks and deliver a decryptor.
Multiple Command Injection Vulnerabilities Found in Cisco EPNM, ISE, and Prime Infrastructure
Threat Level Vulnerability Report Summary An attacker with authenticated, local access can exploit these vulnerabilities to escape the restricted shell and gain root privileges on the operating system. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
Botnets Actively Exploited Realtek and Cacti Flaws
Threat Level Attack Report Summary Attacks exploiting Cacti and Realtek vulnerabilities surged, resulting in the spread of ShellBot and Moobot malware.
A New Rorschach Ransomware Threat Employing Hybrid-Cryptography
Threat Level Attack Report Summary Rorschach is a new and highly effective ransomware that uses a hybrid-cryptography scheme and fast thread scheduling via I/O completion ports.
Winter Vivern APT targets EU with Zimbra flaw
Threat Level Attack Report Summary Winter Vivern abuses CVE-2022-27926 to attack public Zimbra webmail portals of government entities.
Unraveling North Korea’s Cyber Espionage Group APT43 Targeting Geopolitical Interests
Threat Level Actor Report Summary APT43 is a cyber espionage group that serves North Korean regime interests by targeting government organizations, academics, and think tanks focused on Korean peninsula geopolitical issues, mainly in South Korea and the …
A Modular AlienFox Toolkit Used in Cloud-Based Email and Web Hosting Service Attacks
Threat Level Attack Report Summary AlienFox is a toolkit used by attackers to target email and web hosting services, particularly cloud-based and software-as-a-service (SaaS) email hosting services.
SmoothOperator Campaign Trojanizes 3CXDesktopApp
Threat Level Attack Report Summary The 3CX desktop app was trojanized via a multi-stage supply chain attack in the SmoothOperator campaign.
Creal Stealer Preys on Cryptocurrency Users
Threat Level Attack Report Summary A phishing site impersonating a cryptocurrency mining platform is disseminating the new Creal Stealer.