The US cybersecurity agency CISA issued an alert cautioning organizations about the exploitation of the Adobe ColdFusion vulnerability CVE-2023-26360, initially patched in March 2023. Recent investigations uncovered its exploitation in attacks targeting a federal civilian executive branch (FCEB) agency. Threat actors used this vulnerability to gain access to two agency systems across separate incidents in June, manipulating the servers’ compromised software versions and dropping malware via HTTP POST commands. While the attackers performed reconnaissance activities to map the network, there’s no confirmation of data exfiltration or lateral movement. CISA hasn’t attributed the attacks to any specific threat group, and its advisory details the tactics, techniques, and procedures (TTPs) observed along with protective recommendations.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.