However, it is not yet certain if SPIRAL and DEV-0322 are related in any way. DEV-0322 was seen using CVE-2021-35211 to launch limited and targeted attacks on organizations in the Asia-Pacific, before venturing towards the US defense industrial base sector and leading companies in the North American healthcare, hospitality, education, software, and telecommunication sectors. Another Chinese APT group called SPIRAL was also seen targeting vendors. The threat campaign was attributed to a Chinese group called DEV-0322. On July 9, 2021, Microsoft informed SolarWinds of a zero-day vulnerability (CVE-2021-35211) in its Serv-U Managed File Transfer software that was being exploited in the wild. We urge customers to immediately update systems running SolarWinds Serv-U software to version 15.2.3 HF2 and above. The Serv-U vulnerability was used as an initial access technique, deviating from their usual tactics of a phishing-based approach.

The cybercrime threat actor TA505, also known as Hive0065, uses Clop ransomware for extortion attacks. An increase in Clop ransomware victims in the last few months was traced back to the SolarWinds Serv-U FTP vulnerability, which is being abused by the threat actor TA505.