Threat Intelligence

Critical RCE vulnerability affecting Citrix ADC and Citrix Gateway. APT 5 has been observed exploiting this vulnerability in the wild as per Citrix and NSA. Threat actors on the cybercrime forums were looking to buy the exploits for this vulnerability to perform arbitrary code execution.

CloudSEK Threat Intelligence Advisory on Zumanek Trojan, malware variant that hijacks bank accounts and steals crypto wallet credentials.

CloudSEK discovered a threat actor group named SolidBit, offering RaaS (Ransom-as-a-Service) on an underground forum. The group is actively looking for partners to gain access to companies’ private networks in order to spread the ransomware called SolidBit.

XVigil identified a post, advertising 170 SonicVPN accesses for USD 2,000. Threat actors have been targeting SonicVPN frequently, which puts these accesses at a high risk of being exploited.

Our Research team analysed the profile of the ransomware group dubbed BlackCat. This group doesn’t have an online presence apart from an exclusive Onion site, where they post their activities, updates, and targeted victims.

CloudSEK team identified a post on a cybercrime forum where a threat actor posted the database of Rail Coach Factory, Kapurthala, India for free.

CloudSEK threat intelligence advisory on Carbanak/ FIN7 threat group, targets banks for espionage, data exfiltration, using Carbanak malware.

CloudSEK’s contextual AI digital risk platform XVigil discovered a financially motivated ransomware group, dubbed BlueSky, speculated to be connected to the Conti ransomware group.