Supply chain attacks hit the headlines with fresh wave of leaked customer details
Feature Article
Chinese APTs Exploit Ivanti Zero-Day Vulnerabilities in New Surge of Activity
Ransomware insights
According to Cybersixgill’s data, 730 ransomware results were detected on our Investigative Platform in March, compared with 325 results in February. The ransomware gang Clop was responsible for the highest number of ransomware attacks this month. The top targeted industries were Information Technology, Manufacturing, Finance and Professional Services. The United States, Canada, Italy and the UK were the top targeted countries.
The top CVEs this month based on Cybersixgill’s data
1. CVE-2023-34362
The current DVE score is 9.79. This relates to a SQL injection vulnerability found in the MOVEit Transfer web application. It allows an unauthenticated attacker to gain access to the database and potentially execute SQL statements to alter or delete database elements.
CVSS: 9.8
DVE: 9.79
2. CVE-2023-6243
The current DVE score is 8.75. This is a heap-based buffer overflow vulnerability in the glibc library. It can result in an application crash or local privilege escalation if certain conditions are met. This vulnerability affects glibc 2.36 and newer versions.
CVSS: 7.8
DVE: 8.75
3. CVE-2024-21338
The current DVE score is 8.7. This is a Windows Kernel Elevation of Privilege Vulnerability. This CVE is known to be related to several APTs, including Hacking Team, Lazarus Group, The Mask, APT29, and Kimsuky.
CVSS: 7.8
DVE: 8.7
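The first item above describes a SQL injection flaw in which unauthenticated input reaches the database as SQL syntax. The following Python snippet is an added illustration of that vulnerability class and its standard mitigation; it is not code from MOVEit Transfer or from Cybersixgill, and the `users` table, the column names and the sample rows are constructed for the demo. It runs the same lookup two ways against an in-memory SQLite database: once by concatenating the user-supplied value into the query string, and once with a bound parameter, so that the difference in behaviour on hostile input is visible in the returned rows.

```python
import sqlite3


def make_db():
    """Build a small in-memory table (constructed sample data, hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the input is spliced into the SQL text.

    Whatever the caller sends becomes part of the statement, so quote
    characters and operators in the input change the query's logic.
    """
    sql = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: the input is passed as a bound parameter.

    The driver sends the value separately from the statement, so it is
    only ever compared as data and can never alter the WHERE clause.
    """
    sql = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups with a benign and a hostile value; return the rows each one yields."""
    conn = make_db()
    benign = "alice"
    # Constructed hostile value: closes the string literal and appends an
    # always-true condition, which is the classic shape of this flaw.
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "parameterized_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

On the hostile input the concatenating version returns every row in the table, while the parameterized version returns nothing, because no user is literally named `x' OR '1'='1`. That contrast is the whole argument for bound parameters (or an ORM that uses them) as the fix for this bug class; input filtering alone is a weaker second line.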
Malware insights
The most mentioned malware for March 2024
In March, Redline stealer malware had the highest number of mentions on the underground according to the Cybersixgill Investigative Portal.
This malware harvests information from browsers such as saved credentials and credit card information. More recent versions of the malware added the ability to steal cryptocurrency.
RedLine Stealer is a Malware-as-a-Service (MaaS), so threat actors can purchase it then sell the stolen data on dark web forums.
Live from the newsroom
Palo Alto RCE Zero-Day Vulnerability: An Overview of the Actively Exploited Threat
State of the Underground 2024: addressing trends in vulnerabilities and exposures with DVE Intelligence
Suspicious NuGet Package SqzrFramework480: Unveiling the Threat Actor and Potential Impact