Activity Summary - Week Ending Mar 18, 2022

Cyber Security tips and recommendations


Post by MikePeller

APT41 Compromised Six U.S. State Government Networks – FortiGuard Labs is aware of a report that threat actor APT41 compromised at least six networks belonging to U.S. state governments between May 2021 and February 2022. To gain a foothold into the victim's network, the threat actor used a number of different attack vectors: exploiting vulnerable internet-facing web applications and directory traversal vulnerabilities, performing SQL injection, and conducting deserialization attacks. The intent of APT41 appears to be reconnaissance, though how the stolen information is to be used has not yet been determined.

Top threats
Apache.Log4j.Error.Log.Remote.Code.Execution
Apache.Log4j.Error.Log.Remote.Code.Execution (CVE-2021-4104 CVE-2021-45046 CVE-2021-44228)
ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution (CVE-2020-10189)
Citrix.Application.Delivery.Controller.VPNs.Directory.Traversal (CVE-2019-19781)
Confluence.Widget.Connector.macro.Path.Traversal (CVE-2019-3396)
MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption (CVE-2017-11882 CVE-2018-0798 CVE-2018-0802)
MS.Office.RTF.File.OLE.autolink.Code.Execution (CVE-2017-0199 CVE-2017-8570)
MS.Office.RTF.Array.Out.of.bounds.Memory.Corruption (CVE-2015-1641)
MS.Windows.MSCOMCTL.ActiveX.Control.Remote.Code.Execution (CVE-2012-0158)
MS.Windows.MSCOMCTL.ActiveX.Control.Code.Execution (CVE-2012-0158)