Magnet Goblin Utilizes 1-Day Vulnerabilities To Gain Initial Access
Magnet Goblin is a financially motivated threat actor well-known for swiftly exploiting 1-day vulnerabilities to gain initial access via edge devices and public-facing services for distributing sophisticated malware onto compromised victim systems since January 2022. This group methodically leveraged unpatched vulnerabilities via a range of methods to Ivanti Connect Secure VPN Magento Qlik Sense and Apache ActiveMQ servers to gain initial access and deploy malicious tools such as Nerbian RAT MiniNerbian RAT and the WarpWire credential stealer. The threat actor gathered lucrative information from compromised systems and deployed various legitimate tools such as AnyDesk Ligolo and ScreenConnect. The classified information was exfiltrated to adversarial command and control servers.