CISA: Truebot Malware Variants Turn to Netwrix Auditor RCE Bug

Published: 23/11/2024   Category: security



US and Canadian government agencies find that new variants of the malware are increasingly being deployed by exploiting an RCE bug.



The Cybersecurity and Infrastructure Security Agency (CISA) this week is warning that a bevy of Truebot malware variants are increasingly being utilized by threat actors against various organizations in the US and Canada.
CISA, alongside the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS), noted that cyber threat actors are delivering Truebot variants to a variety of targets either through phishing campaigns with malicious hyperlinks or by exploiting a known remote code execution (RCE) vulnerability in Netwrix Auditor, tracked as CVE-2022-31199.
Truebot, alternatively known as Silence.Downloader, is a botnet used by malicious cybergroups such as the Cl0p ransomware gang to gather information from the victims they target. Older variants of Truebot were mainly distributed through phishing emails carrying malicious attachments. Newer versions of the malware allow these threat actors to gain initial access by exploiting the RCE bug.
CISA, the FBI, MS-ISAC, and CCCS all urge organizations to apply vendor patches to update to the 10.5 version of Netwrix Auditor, and to use the outlined guidance in the joint advisory.
Any organization identifying indicators of compromise (IoCs) within their environment should urgently apply the incident responses and mitigation measures detailed in this CSA and report the intrusion to CISA or the FBI, stated the aforementioned organizations. 
