CyberNews Briefs

Cyber-Threat Group Targets Critical RCE Vulnerability in ‘Bleed You’ Campaign

Security firm Cyfirma has released a new report detailing a critical flaw tracked as CVE-2022-34721 that has been under active attack since at least September of this year. The flaw, a remote code execution vulnerability in Windows Internet Key Exchange Protocol Extensions, is being exploited in an active campaign. According to Cyfirma, more than 1,000 systems remain unpatched and vulnerable despite the availability of a fix for the flaw. Threat actors are able to achieve compromise and move laterally to deploy ransomware, malware, and other malicious tools.

According to Cyfirma, the threat actors speak Mandarin but could also have ties to Russian cybercriminals. Additionally, the attacks are not targeting a specific sector and instead have targeted organizations in retail, government, IT services, and more. Victims are primarily located in Western countries such as Canada, the UK, and the US. Cyfirma also identified unknown hackers sharing the exploit link via underground forums, meaning that other threat actors are gaining access to information that could lead to future attacks.

OODA Analyst
