| Category | Details |
|---|---|
| Threat Actors | Multiple actors on hacker forums; no specific group attribution. |
| Campaign Overview | Data leaks, vulnerability sales, hacking services, and exploitation of known organizations. |
| Target Regions (or Victims) | Global organizations including ICAO, SonicWall SSLVPN users, Cisco WebUI, and Niva Bupa Insurance. |
| Methodology | Sale of RCE vulnerabilities, database leaks, and FUD malware creation services; use of escrow and secure platforms like TOX. |
| Products Targeted | ICAO documents, SonicWall SSLVPN, Cisco WebUI, and Niva Bupa customer data. |
| Malware Reference | Fully Undetectable (FUD) malware configurations, including RATs and loaders. |
| Tools Used | Escrow services, TOX, Jabber, crypting tools, and custom FUD environments. |
| Vulnerabilities Exploited | Pre-authentication RCE in SonicWall SSLVPN (<9.x/10.x) and Cisco WebUI (<17.9.4); potential misconfigurations in databases. |
| TTPs | Exploitation of known vulnerabilities, data exfiltration, sale on forums, crypting malware, offering samples. |
| Attribution | Unspecified threat actors leveraging dark web platforms for selling vulnerabilities and data. |
| Recommendations | Patch vulnerabilities, implement multi-layered security, encrypt sensitive data, monitor dark web activity, conduct regular vulnerability assessments. |
| Source | SOCRadar |
Read full article: https://socradar.io/icao-leak-sonicwall-and-other-new-exploit-sales/
The above summary has been generated by an AI language model