Tag: CVE-2023-48788

6 Attack Reports | 0 Vulnerabilities

Attack reports

The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices

Salt Typhoon, a Chinese state-sponsored threat actor, has been targeting major telecommunications providers worldwide by exploiting vulnerabilities in network devices. This analysis tracks global exposures of internet-facing devices associated with Salt Typhoon activity over six months, including S…
network devices
CVE-2024-21887
CVE-2023-46805
shadowpad
telecommunications
vulnerability exploitation
CVE-2023-48788
CVE-2022-3236
masol rat
ivanti connect secure
2025-04-26
chinese state-sponsored
CVE-2023-20198
sophos firewall
CVE-2023-20273
cisco ios xe
exposure tracking
fortinet forticlient ems
Published: April 26, 2025
Downloadable IOCs: 0

The BadPilot campaign: Multiyear global access operation

A Russian state actor subgroup within Seashell Blizzard has conducted a global access operation called the BadPilot campaign since 2021. The group exploits vulnerabilities in Internet-facing infrastructure to gain persistent access to high-value targets across various sectors worldwide. Their tacti…
persistence
credential theft
CVE-2024-1709
CVE-2021-34473
vulnerability exploitation
CVE-2023-42793
CVE-2023-48788
initial access
2025-02-12
CVE-2023-23397
CVE-2023-32315
badpilot
russian state actor
global operation
localolive
CVE-2022-41352
remote management
shadowlink
Published: February 12, 2025
Downloadable IOCs: 0

Attackers exploiting a FortiClient EMS vulnerability in the wild

Kaspersky's GERT team identified an attack exploiting a patched vulnerability (CVE-2023-48788) in FortiClient EMS versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. The attackers used SQL injection to infiltrate a company's network through an exposed Windows server. They deployed remote access tools like…
screenconnect
sql injection
forticlient ems
anydesk
credential theft
remote access
lateral movement
mimikatz
CVE-2023-48788
2024-12-19
Published: December 19, 2024
Downloadable IOCs: 0

Akira ransomware continues to evolve

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned t…
linux
ransomware
windows
rust
CVE-2024-37085
vulnerability exploitation
akira
CVE-2023-27532
esxi
CVE-2024-40766
CVE-2023-48788
double-extortion
CVE-2024-40711
CVE-2023-20269
2024-10-22
CVE-2020-3259
CVE-2023-20263
chacha8
megazord
Published: October 22, 2024
Linked vulnerabilities : CVE-2024-37085 (CVSS 6.8), CVE-2024-40766 (CVSS 9.8), CVE-2024-40711 (CVSS 9.8), CVE-2023-27532, CVE-2023-20269, CVE-2020-3259, CVE-2023-48788, CVE-2023-20263
Downloadable IOCs: 37

Medusa Ransomware: A Growing Threat with a Bold Online Presence

Medusa is a prominent ransomware group that emerged in 2023, targeting sectors such as healthcare, manufacturing, and education across multiple countries. Unlike typical ransomware operators, Medusa maintains a presence on both the dark web and surface web, including social media platforms. The gro…
ransomware
CVE-2023-48788
2024-09-18
medusa ransomware
Published: September 18, 2024
Linked vulnerabilities : CVE-2023-48788
Downloadable IOCs: 11

StopRansomware: RansomHub Ransomware

RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
privilege-escalation
cobalt strike
encryption
CVE-2020-1472
ransomware-as-a-service
ransomhub
mimikatz
CVE-2023-3519
2024-08-30
metasploit
CVE-2023-22515
CVE-2023-46604
CVE-2017-0144
CVE-2023-48788
double-extortion
CVE-2023-27997
data-exfiltration
CVE-2023-46747
critical-infrastructure
CVE-2020-0787
lateral-movement
Published: August 30, 2024
Linked vulnerabilities : CVE-2020-1472, CVE-2023-46604, CVE-2023-22515, CVE-2020-0787, CVE-2017-0144, CVE-2023-3519, CVE-2023-27997, CVE-2023-48788, CVE-2023-46747
Downloadable IOCs: 14
Click here to see more Attack Reports