January 6, 2025 Cyber Threat Intelligence Briefing

Jan 6, 2025

This week’s briefing covers:

00:00 – Intro and Situational Awareness
Threat Actors Exploit Four-Faith Router Flaw to Open Reverse Shells
Researchers at VulnCheck report that threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith F3x24 and F3x36 routers, tracked as CVE-2024-12856, to open reverse shells back to attacker-controlled hosts. These routers are typically deployed in the energy and utilities, transportation, telecommunications and manufacturing sectors, and many are still running with default credentials, so the authentication requirement offers little protection: an attacker who logs in with the default or an easily brute-forced password is in a position to trigger the injection.

IntelBroker Claims to Leak South Korean Ministry of Environment Source Code
The threat actor “IntelBroker” has claimed responsibility for leaking the source code of the South Korean Ministry of Environment. The source code likely pertains to software systems used to manage critical environmental data, including pollution monitoring, climate change initiatives and regulatory compliance.

2:34 – Chinese APT Breaches BeyondTrust, U.S. Treasury
Key Takeaways

  • BeyondTrust disclosed a cybersecurity incident that took place in early December.
  • BeyondTrust determined that an API key for its Remote Support SaaS product had been compromised and subsequently notified affected customers.
  • Further details of the intrusions have not yet been shared.

4:46 – Supply Chain Attack Using Chrome Extensions
Key Takeaways

  • Several Chrome browser extensions were compromised to introduce malicious code that harvests credentials.
  • Affected user devices were observed communicating with the malicious IP address 149[.]28.124.84, which hosts domains registered to mimic the names of the compromised extensions.
  • Users of an affected extension should update to a fixed version or, where no patched version is available, uninstall the extension.
  • Block outbound connections to 149[.]28.124.84.
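
A quick way to act on the last two recommendations is to sweep proxy and firewall logs for the published indicator and emit an egress block rule for it. The script below is an added example, not Kroll's code: the IP is the one quoted in the briefing, the log lines are constructed for illustration (the format is a generic key=value style, not any particular vendor's), and the iptables rule is one of several ways to block the address. It refangs the indicator, extracts whole IPv4 addresses from each line rather than doing a substring search (so the near-miss 149.28.124.8 on the last sample line is not flagged), and compares them as address objects.

```python
"""Sweep constructed log lines for the IOC from the briefing and build a block rule.

Added example (not Kroll's code). The indicator is the one the briefing
publishes; SAMPLE_LOG is constructed and the log format is assumed.
"""
import ipaddress
import re
from typing import List, Tuple

# The indicator exactly as published, defanged so it is not clickable or resolvable.
DEFANGED_IOCS = ["149[.]28.124.84"]

# Constructed proxy/firewall lines (assumed key=value format). Line 4 is a
# near-miss, 149.28.124.8, that a naive substring check could confuse with the IOC.
SAMPLE_LOG = """\
2025-01-02T10:14:03Z proxy src=10.0.5.21 dst=149.28.124.84:443 host=ext-update.example action=allow
2025-01-02T10:14:05Z proxy src=10.0.5.21 dst=142.250.72.14:443 host=www.google.com action=allow
2025-01-02T10:15:11Z fw src=10.0.7.8 dst=149.28.124.84:80 action=allow
2025-01-02T10:15:12Z fw src=10.0.7.8 dst=149.28.124.8:80 action=allow
"""

# Match a dotted quad that is not part of a longer digit/dot run (e.g. a version string).
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the form that appears in logs."""
    return (ioc.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
               .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def extract_ipv4(line: str) -> set:
    """Return every syntactically valid IPv4 address found in one log line."""
    found = set()
    for m in _IPV4.finditer(line):
        try:
            found.add(ipaddress.IPv4Address(m.group(1)))
        except ipaddress.AddressValueError:
            pass  # e.g. an octet > 255; not an address
    return found


def find_hits(log_text: str, defanged_iocs: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, matched IP, line) for each line that touches an IOC."""
    watch = {ipaddress.IPv4Address(refang(i)) for i in defanged_iocs}
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        for ip in extract_ipv4(line) & watch:
            hits.append((n, str(ip), line))
    return hits


def block_rules(defanged_iocs: List[str]) -> List[str]:
    """One egress block rule per IOC, in iptables syntax (one option among many)."""
    return [f"iptables -I OUTPUT -d {refang(i)} -j REJECT" for i in defanged_iocs]


if __name__ == "__main__":
    for n, ip, line in find_hits(SAMPLE_LOG, DEFANGED_IOCS):
        print(f"line {n}: {ip} <- {line}")
    print("\n".join(block_rules(DEFANGED_IOCS)))
```

Run it against real exports by replacing SAMPLE_LOG with the file contents; the source hosts that appear in the hits are the machines whose installed extensions should be checked against the vendor's list of affected versions.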

Dive deeper:

Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/cti-spotlight-trends-report

Kroll’s Q2 2024 Threat Landscape Report: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports/q2-2024-threat-landscape-report-threat-actors-ransomware-cloud-risks-accelerate

Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings

Kroll Cyber Blog: https://www.kroll.com/en/insights/publications/cyber

Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber-risk/managed-security/threat-intelligence-services

Kroll Threat Intelligence Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports

Kroll Responder MDR: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder

#krollcyber #threatintelligence #cyberthreats