Cyber-Threat Group Targets Critical RCE Vulnerability in Bleed You Campaign

Published: 23/11/2024   Category: security

More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.



The Bleed You campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise. 
The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns, affecting vulnerable Windows OS, Windows Servers, along with Windows protocol and services. Once they achieve compromise, the threat actors move laterally to deploy ransomware and other malware, the team observed.
The threat actors speak Mandarin but also have ties to Russian cybercriminals, according to Cyfirma, which adds that the attacks aren't limited to a specific sector, with targets across retail, government, IT services, and more. Victims likewise were spread across a number of mostly Western countries, including Canada, the UK, and the US.
"Attackers are actively exploiting vulnerable Windows Server machines via the IKE and AuthIP IPsec Keying Modules by exploiting this bug. Users are recommended to apply patches and fixes as soon as possible to reduce the severity of exploitation of the vulnerability," Cyfirma's researchers advised. The researchers observed that unknown hackers are sharing the exploit link on underground forums as well.
