Magnet Goblin Utilizes 1-Day Vulnerabilities To Gain Initial Access

Magnet Goblin is a financially motivated threat actor well known for swiftly exploiting 1-day vulnerabilities in edge devices and public-facing services to gain initial access and distribute sophisticated malware onto compromised victim systems, which it has done since January 2022. The group methodically used a range of methods to exploit unpatched vulnerabilities in Ivanti Connect Secure VPN, Magento, Qlik Sense, and Apache ActiveMQ servers, gaining initial access and deploying malicious tools such as Nerbian RAT, MiniNerbian RAT, and the WarpWire credential stealer. The threat actor gathered lucrative information from compromised systems and deployed various legitimate tools such as AnyDesk, Ligolo, and ScreenConnect. The classified information was exfiltrated to adversarial command and control servers.