Tags
Network
ATT&CK Tactic
Initial Access (TA0001)Privilege Escalation (TA0004)
Incidents
Apache server Cryptojacking with Cobalt StrikeProphet Spider campaignAndariel exploiting Apache ActiveMQGoTitan ActiveMQ campaignLAPSUS$ campaignsP2PInfect campaign8820 Gang targeting WebLogicTrigona targeting MSSQL serversRE#TURGENCE MSSQL Server RansomOpMimic used by Trigona operatorsLucifer Botnet targeting HadoopC3Pool mining via Confluence vulnerabilityz0Miner targeting WebLogic serversMeson Network cryptojacking campaignShadowSyndicate aiohttp exploitationUNC5174 ScreenConnect and F5 BIG-IP exploitationRUBYCARP: Botnet Exploiting Vulnerabilities for CryptoK8s targeted via OpenMetadata exploitationKinsing campaigns (2020)Redigo campaignTargetCompany Abusing MSSQL Servers for RansomwareKinsing targeting cloud serversRedTail Cryptomining campaign Muhstik campaignRedJuliett Exploiting VPN and Firewall Vulnerabilities8220 Gang Exploiting WebLogic Vulnerabilities for CryptojackingCRYSTALRAY: threat actors exploiting OSS toolsRansomware operators exploit ESXi vulnerabilityDama webshell deployment via ThinkPHP exploitationRomCom exploiting Word vulnerability in campaign targeting government entitiesMicrosoft Smartscreen Vulnerability Exploited by Water HydraWindows SmartScreen vulnerability exploited by Mispadu trojanArcaneDoor Campaign Targeting Cisco Adaptive Security Appliance 0dayAPT28 Targeting Print Spooler Vulnerability for GooseEgg DeploymentRCE Vulnerability in PHP CGI Exploited by TellYouThePassMirai Botnet Exploiting Apache OFBiz VulnerabilityGodzilla Backdoor Exploiting Confluence VulnerabilityDragonRank Targeting IIS Web ServersUNC1860 Attacks Targeting the Middle EastStorm-0501 Targeting Hybrid Environments with Ransomwareperfctl Malware Targeting LinuxVeeam Vulnerability Exploited by Akira and Fog RansomwareAPT29 Targeting Zimbra and TeamCity ServersEarth Simnavaz (APT34) Targeting UAE and Gulf RegionsUNC5820 exploiting FortiManager flawBrowserStack Data BreachMozi Botnet Using AndroxGh0st Toolkit to Target Cloud EnvironmentsPrometei campaignRCE Vulnerability in PAN-OS Exploited in-the-WildBrazenBamboo Weaponizes FortiClient Vulnerability to Steal CredentialsEarth Kasha’s Campaign Exploiting Fortinet VulnerabilityState-Sponsored APT Abuse Visual Studio Code in AttacksMauri Ransomware Exploiting Apache ActiveMQ Cleo Vulnerabilities Targeted by Cl0p RansomwareByte Federal Data Breach via Gitlab VulnerabilityRCE Vulnerability in Apache Struts Targeted by AttackersUS Treasury breach via BeyondTrust supply chain attackExploitation in the wild of Aviatrix Controller RCECampaign targeting exposed FortiGate firewall management interfacesSeashell Blizzard Subgroup's Campaign Exploiting Vulnerabilities for Data ExfiltrationBlack Basta Exploiting Vulnerabilities in Multiple ProductsSilk Typhoon Targeting IT and Cloud ApplicationsPHP-CGI Vulnerability Exploited in Attacks Targeting JapanOperation LongFangOracle Cloud Potential Supply Chain BreachKrpano XSS exploitation campaignCritical Ivanti Connect Secure Vulnerability Exploited by China-linked ActorSAP NetWeaver Visual Composer exploitation campaignMimo Exploits Craft CMS RCE to Deploy Cryptominer and Proxyware in Coordinated CampaignIvanti EPMM RCE Vulnerability Chain Exploited in the WildCoordinated One-Day Cloud Scanning Operation Targets 75 Exposure PointsDragonForce Exploits SimpleHelp Vulnerabilities in Ransomware CampaignEarth Lamia Custom Toolkit Targets Multiple Sectors via Web VulnerabilitiesUTG-Q-015 Exploits 0-Days for Espionage in AsiaLangflow Vulnerability Exploited to Deliver Flodrix BotnetAttacks on Korean IIS & Linux ServersUNC5174 Exploits Ivanti CSA Zero-Days in “Houken” CampaignLinuxsys Cryptominer CampaignMimo Targets Magento, Docker, and Cloud Environments0day Vulnerability in Microsoft Sharepoint Exploited in-the-WildAWS CodeBuild Vulnerability Allows Build Process Secrets ExtractionAkira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPNUAT-7237 Targets Taiwanese Web Infrastructure Using Customized Open-Source ToolsAuto-Color Malware Exploits SAP Vulnerability for Linux BackdoorWarlock Ransomware Exploiting Sharepoint Vulnerabilities Silk Typhoon Exploiting Trusted Relationships for Cloud Environments CompromiseStorm-0501 Deploys Cloud-Based RansomwareDripDropper Malware Exploits Patched Apache ActiveMQ for Persistence on Cloud Linux SystemsRenewed "ArcaneDoor" Campaign Targeting 0-day Vulnerabilities in Cisco ASACl0p Extortion Campaign Claims Theft via Oracle E-Business SuiteeBPF Rootkit Targeting AWS and Linux EnvironmentsPassiveNeuron Campaign: Espionage Campaign Targeting Windows Server EnvironmentsTata Motors Hardcoded AWS Keys and API Tokens Exposed China-Linked Actors Target U.S. Policy-Oriented Non-Profit OrganisationsCisco ISE Vulnerability Exploited as 0day by APTUnauthenticated Remote Access via Triofox Vulnerability Exploited by UNC6485Cryptomining Campaign Exploiting Exposed Ray AI InfrastructureChina-nexus Campaign Exploits CVE-2025-20393 in Cisco Email Security DevicesGeoServer RCE Exploited in CoinMiner CampaignsTeamPCP Cloud-Native Campaign Targeting Exposed Control PlanesLexisNexis breachUAT-10608 Campaign Abuses React2Shell for Cloud Credential Harvesting
Last edited
May 19, 2024 9:42 AM
Status
Stub