
Most Exploited Vulnerabilities of 2023 (Insights to Define Cybersecurity in 2025)

APT28 (Fancy Bear)

Campaign Overview: Targeted European government, transportation, energy, and military sectors.
Target Regions/Victims: European industries, including critical infrastructure sectors.
Methodology: Exploitation of CVE-2023-23397 (Microsoft Outlook).
Product Targeted: Microsoft Outlook for Windows.
Malware Reference: Used NTLMv2 hash-stealing techniques for credential theft.
Tools Used: Customized payloads delivered through crafted emails to capture NTLMv2 hashes.
Vulnerabilities Exploited: CVE-2023-23397
TTPs: Credential theft; exploitation of UNC path properties in emails.
Attribution: Russian state-sponsored group Fancy Bear (APT28).
Recommendations: Apply Microsoft patches, implement SMB signing, and monitor NTLM traffic for anomalies.
Source: Joint cybersecurity advisory and SOCRadar insights.

UNC4841 (Linked to China)

Campaign Overview: Targeted email security solutions and exploited zero-day vulnerabilities.
Target Regions/Victims: Organizations using Barracuda ESG appliances, globally.
Methodology: Used custom backdoors and reverse shells for persistent access.
Product Targeted: Barracuda ESG appliances.
Malware Reference: Reverse shell backdoors.
Tools Used: Exploit payloads delivered as crafted TAR file email attachments.
Vulnerabilities Exploited: CVE-2023-2868
TTPs: Cyber espionage, privilege escalation, deployment of backdoors.
Attribution: Assessed to be linked to the People’s Republic of China.
Recommendations: Regularly update email security appliances, disable vulnerable features, and monitor for anomalous email activity.
Source: SOCRadar and advisory insights.

LockBit 3.0 Ransomware Operators

Campaign Overview: Targeted organizations using Citrix products and high-profile supply chain vulnerabilities.
Target Regions/Victims: Technology firms, government organizations, and supply chain-related targets globally.
Methodology: Exploited authentication bypass flaws, deployed ransomware payloads, and exfiltrated sensitive data.
Product Targeted: Citrix NetScaler ADC & Gateway.
Malware Reference: LockBit 3.0 ransomware payloads.
Tools Used: Session-token theft used to hijack authenticated sessions and bypass MFA.
Vulnerabilities Exploited: CVE-2023-4966 (Citrix Bleed)
TTPs: Ransomware deployment, session hijacking, unauthorized access.
Attribution: LockBit 3.0 ransomware group.
Recommendations: Strengthen MFA configurations, apply Citrix patches promptly, and monitor for session anomalies.
Source: Joint advisory and incident disclosures.

Storm-0062

Campaign Overview: Exploited Atlassian Confluence vulnerabilities to infiltrate collaboration environments.
Target Regions/Victims: Organizations using Atlassian Confluence Data Center and Server globally.
Methodology: Leveraged unauthorized administrator account creation for lateral movement.
Product Targeted: Atlassian Confluence Data Center and Server.
Malware Reference: Customized scripts to exploit access controls.
Tools Used: Access control bypass techniques.
Vulnerabilities Exploited: CVE-2023-22515
TTPs: Broken access control exploitation, privilege escalation, APT-style infiltration.
Attribution: Likely an Advanced Persistent Threat group tracked by Microsoft as Storm-0062.
Recommendations: Apply Atlassian patches, disable unnecessary admin account creation features, and monitor administrative activities.
Source: Joint advisory and Microsoft threat intelligence.

Disclaimer: The above summary has been generated by an AI language model.

Source: SOCRadar

Published on: December 3, 2024
