simontsui, to Russia

Denmark's CERT (SektorCERT) reported that 22 companies that operate parts of Danish energy infrastructure were compromised in a May 2023 coordinated attack, linked to SANDWORM actors. Sandworm is a state-sponsored APT publicly attributed to the Russian General Staff Main Intelligence Directorate's (GRU's) Main Centre for Special Technologies (GTsST) by the U.S. government. The attackers leveraged a Zyxel vulnerability, CVE-2023-28771 (9.8 critical), to gain control of the firewall. SektorCERT's incident response report includes a detailed analysis and timeline of the attack, recommendations and IOCs.
Link: https://media.licdn.com/dms/document/media/D4D1FAQG-Qsry8BH9dg/feedshare-document-pdf-analyzed/0/1699785104486?e=1700697600&v=beta&t=icNMQ-rDYgeSojoaax-1KpC7YrCF7MVtkrDClSFiKIY

#cyberespionage #GRU #SANDWORM #Russia #Denmark #criticalinfrastructure #APT #threatintel #IOC #CVE202328771 #Zyxel

GossiTheDog, (edited) to random

Lost my toot on it from last month, but I recommend you patch any #Zyxel Zywall devices for CVE-2023-28771 - it's super exploitable, pre-auth, and internet-facing by design. #CVE202328771 #vulnerabilities

Exploit by @testanull

GossiTheDog,

This #Zyxel vuln is being mass exploited now by Mirai botnet, target = whole internet. #CVE202328771

Payload https://www.virustotal.com/gui/file/f962134b1486261f1a28831c6605e0e404c39e6e29f88e4b24ce6ed3a559795c

A fuck ton of SMB VPN boxes are owned. #threatintel
