May 3, 2024

Summary of Vulnerabilities, Actors & Attacks: April 2024



In April, the cybersecurity landscape witnessed a surge in attention due to the discovery of eight zero-day vulnerabilities. Notably, one of these vulnerabilities (CVE-2024-3400) in Palo Alto Networks PAN-OS was exploited by the UTA0178 group, allowing unauthenticated attackers to execute code with root privileges, leading to full device control.

During the same period, ransomware attacks experienced a noticeable uptick, with strains such as LockBit 3.0, KageNoHitobito, DoNex, and Akira actively targeting victims. As ransomware continues to advance in sophistication, organizations are urged to fortify their defenses by implementing robust backup and disaster recovery strategies. Additionally, employee training to recognize and thwart phishing attacks is crucial.

In parallel, sixteen adversaries were active across diverse campaigns. STORM-1849, a group of state-affiliated operatives, has masterminded ArcaneDoor, an intricately crafted cyber espionage endeavor. Since November 2023, this operation has strategically aimed at governmental and critical infrastructure networks on a global scale, leveraging two zero-day vulnerabilities present in Cisco ASA and FTD firewalls. As the cybersecurity landscape evolves, organizations must remain vigilant and proactively address emerging threats.
