Tag: CVE-2023-46805

4 Attack Reports | 0 Vulnerabilities

Attack reports

DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

The DragonForce ransomware group, initially a pro-Palestine hacktivist operation, has evolved into a profit-driven extortion enterprise targeting UK retailers and various global entities. Emerging in August 2023, the group now employs a multi-extortion model, threatening data leaks and reputational…
ransomware
extortion
cobalt strike
CVE-2024-21412
CVE-2021-44228
CVE-2024-21887
CVE-2023-46805
systembc
2025-05-03
CVE-2024-21893
multi-extortion
dragonforce ransomware
white-label
Published: May 3, 2025
Downloadable IOCs: 0

The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices

Salt Typhoon, a Chinese state-sponsored threat actor, has been targeting major telecommunications providers worldwide by exploiting vulnerabilities in network devices. This analysis tracks global exposures of internet-facing devices associated with Salt Typhoon activity over six months, including S…
network devices
CVE-2024-21887
CVE-2023-46805
shadowpad
telecommunications
vulnerability exploitation
CVE-2023-48788
CVE-2022-3236
masol rat
ivanti connect secure
2025-04-26
chinese state-sponsored
CVE-2023-20198
sophos firewall
CVE-2023-20273
cisco ios xe
exposure tracking
fortinet forticlient ems
Published: April 26, 2025
Downloadable IOCs: 0

Technical Deep Dive: Understanding the Anatomy of a Cyber Intrusion

This report details a sophisticated cyber intrusion targeting MITRE's research network (NERVE) through the exploitation of Ivanti Connect Secure zero-day vulnerabilities. The threat actor, suspected to be UNC5221, initiated the attack by gaining unauthorized access and subsequently deploying variou…
persistence
CVE-2024-21887
CVE-2023-46805
2024-05-24
threat
lateral movement
wirefire
giftedvisitor
bushwalk
intrusion
cyberattack
beeflush
rootrot
brickstorm
Published: May 24, 2024
Downloadable IOCs: 4

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed …
botnet
2024-05-05
2024-05-06
2024-05-07
2024-05-08
mirai
ivanti
CVE-2024-21887
CVE-2023-46805
2024-05-09
2024-05-10
Published: May 10, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805
Downloadable IOCs: 23
Click here to see more Attack Reports