Cybersecurity researchers have successfully linked the zero-day exploitation of the Ivanti security flaws to a group of China-linked hackers. The three flaws involved are CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893. In addition to the discovery, Google Cloud subsidiary also mentioned the exploitation of CVE-2023-46805 and CVE-2024-21887 by financially motivated threat actors with a cryptocurrency mining aim.
According to Mandiant researchers, “UNC5266 overlaps in part with UNC3569, a China-nexus espionage actor that has been observed exploiting vulnerabilities in Aspera Faspex, Microsoft Exchange, and Oracle Web Applications Desktop Integrator, among others, to gain initial access to target environments.” It is worth noting that Mandiant tracks the clusters under the moniker UNC5221, UNC5266, UNC5291, UNC5325, UNC5330, and UNC5337.
Financial Firms in APAC and MENA in Danger of JSOutProx Malware
The Asian-Pacific (APAC) and Middle East and North Africa (MENA) financial organizations become the primary target of the new version of JSOutProx. Details about the attack revealed that “JSOutProx uses both JavaScript and .NET but uses the .NET (de)serialization feature to interact with a core JavaScript module running on the victim’s machine. Once executed, the malware enables the framework to load various plugins, which conduct additional malicious activities on the target.” More information about the attack chain shows it leverages spear-phishing emails containing malicious JavaScript attachments in the form of PDFs and ZIP archives harbouring HTA files for deployment purposes.
Snatch ransomware group has attacked multiple businesses, leading to varying degrees of exfiltration and exposure of data of different sizes. Some of the affected companies are listed below:
Butler, Lavanceau & Sober, LLC is a certified accounting firm that provides tax preparation, accounting, and business consulting services to small businesses and individuals. The company has over 30 employees and a revenue of $5 million.
Dörr Group: The company specializes in Automobiles, Supersportwagens, McLaren, Lamborghini, Bugatti, Pagani, Motorsports, Pininfarina, Dörr Motorsport, Aston Martin, Track Days, Kart Republic, Dörr Driving School, Frankfurt, Stuttgart, München, Berlin, Hockenheim, Home of Speed, Gebrauchtwagen, Events, Singer, BAC, Triumph, Morgan Motors, KTM, Rimac, Dallara, and Czinger. The company has over 200 employees and a revenue of $5 million.
HSPG & Associates: HSPG & Associates is a certified public accounting firm that provides quality tax accounting, auditing, internal control consulting, contract CFO services and SOX compliance services. The company has over 50 employees and a revenue of $5 million.
Retirement Line: This is the UK’s largest annuity intermediary committed to helping clients make the most of their pension savings. The company specializes in fixed-term, enhanced, investment-linked, and conventional annuities. The company has over 200 employees and a revenue of $33.8 million.
