The vulnerability, tracked as CVE-2023-47246, allows for arbitrary code execution and has been exploited by a threat actor known as Lace Tempest, who is associated with the deployment of Cl0p ransomware.
The North Korea-based BlueNoroff APT group has been linked with a new malware strain that is being used to target macOS systems. Dubbed ObjCShellz, the malware shares similarities with the RustBucket malware campaign, which came to light earlier this year.
The company revealed on Tuesday that a “potential security incident” discovered on November 3 involved unauthorized access to a Sumo Logic AWS account through the use of compromised credentials.
“The vulnerability can be exploited by attackers to trick users into visiting malicious websites or phishing pages by disguising the malicious URL as a legitimate one,” Cybernews researchers explained.
The malware runs a Discord bot and enables the threat actor to harvest a wide range of information, including web browser passwords and screenshots, as well as to execute arbitrary commands, encrypt files, and deactivate Microsoft Defender on the host.
By monitoring telemetry associated with two prominent Chinese APT groups, researchers observed network connections predominantly originating from Cambodia, including inbound connections from at least 24 Cambodian government organizations.
On Monday evening, the maker of electronics and aerospace products replaced its website with a static message indicating some of its servers were accessed by hackers last Thursday.
The contents of the leaked database on BreachForums, as observed by Hackread.com, include publicly available information from LinkedIn profiles, containing full names and profile bios.
Farnetwork has been linked to the development and management of various ransomware strains, including JSWORM, Nefilim, Karma, Nemty, and their own program based on the Nokoyawa ransomware.
The hackers responsible for the attack, known as the DAIXIN Team, have gradually leaked samples of the stolen patient data and expressed interest in selling it to data brokers.