安全热点周报:UNC5820 威胁集群利用 Fortinet 零日漏洞窃取企业配置数据
Tags
| country: | Japan |
| attack-pattern: | Data Credentials - T1589.001 Javascript - T1059.007 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 557c401f-cdde-4835-9e97-657102549267 |
| Fingerprint | 28179406c4348aa7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 24, 2024, midnight |
| Added to db | Oct. 28, 2024, 12:55 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | 安全热点周报:UNC5820 威胁集群利用 Fortinet 零日漏洞窃取企业配置数据 |
| Title | 安全热点周报:UNC5820 威胁集群利用 Fortinet 零日漏洞窃取企业配置数据 |
| Detected Hints/Tags/Attributes | 28/2/27 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 266 | ✔ | 奇安信 CERT | https://wechat2rss.xlab.app/feed/981c000a01bbdc1f128d260cc91c15d3a6afb530.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 87 | cve-2024-47575 |
|
| Details | CVE | 32 | cve-2024-20481 |
|
| Details | CVE | 31 | cve-2024-37383 |
|
| Details | CVE | 49 | cve-2024-9680 |
|
| Details | CVE | 31 | cve-2024-38094 |
|
| Details | CVE | 22 | cve-2024-9537 |
|
| Details | CVE | 66 | cve-2024-38812 |
|
| Details | Domain | 17 | libcdn.org |
|
| Details | Domain | 280 | thehackernews.com |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 99 | therecord.media |
|
| Details | File | 3 | map.doc |
|
| Details | File | 2 | mozilla-warns-of-active-exploitation-in.html |
|
| Details | File | 1 | proposed-security-requirements-eo-14117-21oct24508.pdf |
|
| Details | Mandiant Uncategorized Groups | 23 | UNC5820 |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-webmail-flaw-to-steal-email-credentials |
|
| Details | Url | 4 | https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575 |
|
| Details | Url | 2 | https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/tndgxuqwwebr0xfck6dpva |
|
| Details | Url | 1 | https://mp.weixin.qq.com/s/uyvx7bap7oqey-desujzja |
|
| Details | Url | 1 | https://therecord.media/japan-casio-delays-watchmaker-ransomware |
|
| Details | Url | 1 | https://www.whitehouse.gov/briefing-room/presidential-actions/2024/10/24/memorandum-on-advancing-the-united-states-leadership-in-artificial-intelligence-harnessing-artificial-intelligence-to-fulfill-national-security-objectives-and-fostering-the-safety-se |
|
| Details | Url | 1 | https://www.cisa.gov/sites/default/files/2024-10/proposed-security-requirements-eo-14117-21oct24508.pdf |
|
| Details | Url | 1 | https://www.justice.gov/opa/pr/justice-department-issues-comprehensive-proposed-rule-addressing-national-security-risks |
|
| Details | Url | 1 | https://digital-strategy.ec.europa.eu/en/library/nis2-commission-implementing-regulation-critical-entities-and-networks |