» Threat Intelligence Blog

Executive Summary The Checkmarx Research team has reported a sophisticated campaign which is targeting software supply chains and resulting in successful exploitation of multiple GitHub users. Key targets included the Top.gg GitHub organization, which claims to have over 170,000 users, and individual developers on the code publishing platform. The attackers employed various novel tactics, including account takeover via…

On March 21, 2023, Mandiant researchers reported their latest technical details detailing a campaign exploiting critical vulnerabilities in F5 BIG-IP and ScreenConnect, which they attribute to the Chinese state-sponsored actor known as UNC5174. Community Impact Assessment Due to the widespread use of F5 BIG-IP and ScreenConnect across global regions and industries, the RH-ISAC intelligence team…

Executive Summary Security researchers from TeamT5 have released their latest findings detailing CVE-2023-29300, a JAVA deserialization vulnerability resulting in arbitrary code execution. At least 66 devices in Japan have already been compromised via CVE-2023-29300, affecting various sectors such as healthcare, education, and manufacturing. Threat actors, including cyber-criminals and state-sponsored groups such as China-nexus APT group SLIME13 (known as Flax…

On March 18, 2024, Perception Point researchers published the technical details of a phishing campaign leveraging Microsoft Office document templates for execution and obfuscation to deliver NetSupportRAT to corporate targets based in the United States. Community Impact According to the most recent RH-ISAC Intelligence Trends Summary, Microsoft-related phishing reporting fell slightly, remains a top threat…

On March 5, 2023, Zscaler researchers reported details of a sophisticated phishing campaign they attribute to a single threat actor, leveraging fake meeting invitations for popular video conference tools to spread remote access trojans (RATs). Community Impact The RH-ISAC intelligence team assesses that this and similar campaigns constitute a moderate threat to the RH-ISAC community….