| Category | Details |
|---|---|
| Threat Actors | Multiple actors posting on hacker forums; no specific group attribution. |
| Campaign Overview | Data leaks, vulnerability sales, hacking services, and claimed exploitation of known organizations. |
| Targets / Victims | Global organizations, including ICAO, SonicWall SSLVPN users, Cisco WebUI users, and Niva Bupa Insurance. |
| Methodology | Sale of RCE vulnerabilities, database leaks, and FUD malware creation services; deals brokered through forum escrow and contact over TOX. |
| Products Targeted | ICAO document data, SonicWall SSLVPN, Cisco WebUI, and Niva Bupa customer data. |
| Malware Reference | Fully Undetectable (FUD) malware builds, including RATs and loaders. |
| Tools Used | Escrow services, TOX, Jabber, crypting tools, and custom FUD build environments. |
| Vulnerabilities Exploited | Pre-authentication RCE in SonicWall SSLVPN (affected versions <9.x/10.x) and Cisco WebUI (<17.9.4), as advertised by the sellers and not independently verified; possible database misconfigurations behind the leaks. |
| TTPs | Exploitation of known vulnerabilities, data exfiltration, sale of data and access on forums, crypting malware, offering samples to prospective buyers. |
| Attribution | Unspecified threat actors using dark web platforms to sell vulnerabilities and data. |
| Recommendations | Patch SonicWall SSLVPN and Cisco WebUI to versions outside the advertised affected ranges; implement multi-layered security; encrypt sensitive data; monitor dark web forums for mentions of your organization; conduct regular vulnerability assessments. |
| Source | SOCRadar |
Read full article: https://socradar.io/icao-leak-sonicwall-and-other-new-exploit-sales/
The above summary has been generated by an AI language model