Vulnerabilities

A collection of 15 posts
Fortinet Vulnerabilities Targeted as APT41 Deploys KEYPLUG
Malware

Threat Group: APT41 (RedGolf, BrazenBamboo, Grayfly, Wicked Panda)
Threat Type: APT, Malware, Backdoor
Exploited Vulnerabilities: CVE-2023-48788 (FortiClient EMS), CVE-2022-40684 (FortiOS/FortiProxy/FortiSwitchManager)
Malware Used: KEYPLUG (Windows and Linux variants), DEEPDATA (distinct APT41 toolset)
Threat Score: 🔥 Critical (8.8/10) – Due to threat actor sophistication, vulnerability severity, and cross-platform malware capabilities.
3 min read
Evolving Techniques in Cloud Atlas Cyber Attacks
Malware

Threat Group: Cloud Atlas (also known as Inception)
Threat Type: Advanced Persistent Threat (APT)
Exploited Vulnerabilities:
* CVE-2017-11882: Memory corruption in Microsoft Office.
* CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files.
Malware Used:
* VBShower: Polymorphic VBS-based backdoor.
* PowerShower: PowerShell-based malware for reconnaissance and lateral movement.
* VBCloud: New
4 min read
APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities
Malware

Threat Group: Mysterious Elephant (APT-K-47)
Threat Type: Remote Access Trojan (RAT)
Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831)
Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY
Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors.
Last Threat Observation: November 27,
Overview
APT-K-47,
3 min read
Akira Ransomware Adapts Its Tactics to Exploit Major Vulnerabilities in 2024
Ransomware

Threat Group: Akira Ransomware
Threat Type: Ransomware
Exploited Vulnerabilities: , CVE-2024-40766 (SonicWall), CVE-2020-3259 (Cisco), CVE-2023-20263 (Cisco), CVE-2023-20269 (Cisco), CVE-2023-27532 (Veeam), CVE-2023-48788 (Ubuntu), CVE-2024-37085 (SAP), CVE-2024-40711 (Microsoft)
Malware Used: Akira, Megazord
Threat Score: 8.5/10
Last Threat Observation: October 22, 2024 (Resurfaced)
Overview
Akira ransomware has resurfaced with advanced capabilities, exploiting
2 min read