Immediate patching of the CVE-2022-31199 vulnerability is strongly recommended if the Netwrix IT system auditing software is in use. The cybersecurity authorities report that phishing emails with malicious hyperlinks are being used in addition to the exploitation of the Netwrix Auditor vulnerability to deliver TrueBot malware. Successful exploitation of the vulnerability allows a malicious actor to execute arbitrary code with SYSTEM privileges, allowing the deployment of TrueBot malware at scale within a compromised environment. TrueBot is usually installed via phishing attacks using malicious attachments however, newer versions of the malware are also being delivered by exploiting a remote code execution vulnerability in the Netwrix Auditor application – CVE-2022-31199. FIN11 has also been observed deploying Cobalt Strike beacons. FIN11 installs TrueBot, then uses the malware to deliver the FlawedGrace Remote Access Trojan (RAT), which is used to escalate privileges and maintain persistence. FIN11 has been using TrueBot malware to deploy Clop ransomware on victims’ networks. TrueBot is used by multiple threat actors including FIN11 and the Silence group. TrueBot is a downloader/botnet malware that establishes a connection with its command-and-control server, collects information on compromised systems, and is used for launching more extensive attacks on compromised networks. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) warning about a TrueBot malware campaign targeting organizations in the United States and Canada. and Canadian OrgsĪ joint cybersecurity advisory has been issued by the U.S. Cybersecurity Agencies Warn of TrueBot Malware Campaign Targeting U.S.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |