
Hacker Forums Reveal ICAO Leak, SonicWall Vulnerability, and Other New Exploit Sales

| Category | Details |
| --- | --- |
| Threat Actors | Multiple actors on hacker forums; no specific group attribution. |
| Campaign Overview | Data leaks, vulnerability sales, hacking services, and exploitation of known organizations. |
| Target Regions (Or Victims) | Global organizations including ICAO, SonicWall SSLVPN users, Cisco WebUI, and Niva Bupa Insurance. |
| Methodology | Sale of RCE vulnerabilities, database leaks, and FUD malware creation services; use of escrow and secure platforms like TOX. |
| Product Targeted | ICAO documents, SonicWall SSLVPN, Cisco WebUI, and Niva Bupa customer data. |
| Malware Reference | Fully Undetectable (FUD) malware configurations, including RATs and loaders. |
| Tools Used | Escrow services, TOX, Jabber, crypting tools, and custom FUD environments. |
| Vulnerabilities Exploited | Pre-authentication RCE in SonicWall SSLVPN (<9.x/10.x) and Cisco WebUI (<17.9.4); potential misconfigurations in databases. |
| TTPs | Exploitation of known vulnerabilities, data exfiltration, sale on forums, crypting malware, offering samples. |
| Attribution | Unspecified threat actors leveraging dark web platforms for selling vulnerabilities and data. |
| Recommendations | Patch vulnerabilities, implement multi-layered security, encrypt sensitive data, monitor dark web activity, conduct regular vulnerability assessments. |
| Source | SOCRadar |

Read full article: https://socradar.io/icao-leak-sonicwall-and-other-new-exploit-sales/

The above summary has been generated by an AI language model


Source: SOCRadar

Published on: January 7, 2025
