A critical RCE vulnerability affects Citrix ADC and Citrix Gateway. According to Citrix and the NSA, APT 5 has been observed exploiting this vulnerability in the wild. Threat actors on cybercrime forums were looking to buy exploits for this vulnerability to perform arbitrary code execution.
CloudSEK discovered a threat actor group named SolidBit offering RaaS (Ransomware-as-a-Service) on an underground forum. The group is actively looking for partners to gain access to companies’ private networks in order to spread the ransomware called SolidBit.
XVigil identified a post advertising 170 SonicVPN accesses for USD 2,000. Threat actors have been targeting SonicVPN frequently, which puts these accesses at a high risk of being exploited.
Our research team analysed the profile of the ransomware group dubbed BlackCat. This group doesn’t have an online presence apart from an exclusive Onion site, where they post their activities, updates, and targeted victims.
CloudSEK’s contextual AI digital risk platform XVigil discovered a financially motivated ransomware group, dubbed BlueSky, speculated to be connected to the Conti ransomware group.