Summary of Vulnerabilities, Actors & Attacks: June 2024


Vulnerabilities Exploited | Adversaries in Action | Attacks Executed | Targeted Countries | Targeted Industries | MITRE ATT&CK TTPs
38112925631187

 

Summary

In June, the cybersecurity arena garnered significant attention following the identification of nine zero-day vulnerabilities. The chief ‘Five Celebrity Vulnerabilities,’ which included critical flaws like Zerologon, UEFIcanhazbufferoverflow, Baron Samedit, Pwnkit, and Log4shell, were all leveraged to deploy ransomware and backdoors. Additionally, the Arm zero-day vulnerability CVE-2024-4610 has been actively exploited in the wild. Threat actors are also actively exploiting a critical path-traversal vulnerability, CVE-2024-28995, in SolarWinds Serv-U.

During this same timeframe, there was a marked increase in ransomware attacks, with variants such as TargetCompany, Knight, Fog, TellYouThePass, Black Basta, DragonForce, and CatB Ransomware aggressively targeting victims. As ransomware tactics become increasingly sophisticated, it is imperative for organizations to bolster their defenses by implementing comprehensive backup and disaster recovery strategies. Furthermore, training employees to detect and prevent phishing attacks remains essential.

Concurrently, eleven threat actors were engaged in various campaigns. ExCobalt, a threat actor focused on cyber espionage, has been targeting Russian organizations using an advanced Golang-based backdoor called GoRed. Additionally, the espionage organization SneakyChef has launched a campaign using the cutting-edge Remote Access Trojans (RATs) SpiceRAT and SugarGh0st to target government entities. This malware campaign has been active since at least August 2023.
