Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape

SugarCRM as initial access to AWS envs

Type
Campaign
Actors
❓Unknown
Pub. date
August 10, 2023
Initial access
1-day vulnerability
Impact
Observed tools
PacuScoutSuite
Targeted technologies
SugarCRM
References
https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat/https://i.blackhat.com/BH-US-23/Presentations/US-23-Zimmermann-WhenaZeroDayandAccessKeysCollide.pdf?_gl=1*17wapo9*_gcl_au*MTU0NDI0MzU5OC4xNjkxNjQ5Nzc3*_ga*MTU3MjI2MDY5MS4xNjkxNjQ5Nzc3*_ga_K4JK67TFYV*MTY5MTkxNjY2NS42LjEuMTY5MTkxNjgwNS4wLjAuMA..&_ga=2.231229599.1685299571.1691914707-1572260691.1691649777https://arstechnica.com/information-technology/2023/01/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit/
Status
Stub
Last edited
Jun 2, 2024 8:02 AM

Made with 💙 by Wiz

Last Updated: April 3, 2025