CURRENT ACTIVITIES

Threat Actors Exploiting Unpatched VMware Vulnerabilities
(June 03, 2022)
It has been reported that threat actors are exploiting multiple vulnerabilities affecting various unpatched VMware products (VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager). An attacker could exploit these vulnerabilities to execute code remotely or to escalate privileges to root.
[More >>]
Remote code execution vulnerability in Apple products
(May 20, 2022)
It has been observed that threat actors are exploiting a remote code execution vulnerability affecting Apple Watch, Apple TV and Apple Mac systems.
[More >>]
DeadBolt Ransomware targeting QNAP NAS Devices
(May 20, 2022)
It has been reported that the DeadBolt ransomware group is targeting QNAP network-attached storage (NAS) devices running the QTS operating system.
[More >>]
Remote Code Execution vulnerability in F5 BIG-IP systems
(May 12, 2022)
It has been observed that threat actors are exploiting a critical remote code execution vulnerability affecting F5 BIG-IP.
[More >>]
Privilege Escalation Vulnerability in Microsoft Windows
(February 09, 2022)
It has been observed that a Win32k Elevation of Privilege vulnerability is being exploited by cyber threat actors.
[More >>]
Privilege Escalation Vulnerability in Microsoft Windows Active Directory Domain Service
(December 31, 2021)
Multiple vulnerabilities have been reported in Microsoft Windows which could allow a remote attacker to gain elevated privileges on the targeted system.

By chaining these vulnerabilities, an attacker can create a straightforward path to a Domain Admin user in an Active Directory environment. This escalation attack allows attackers to easily elevate their privileges to those of a Domain Admin once they have compromised a regular user in the domain.

Systems Affected
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server, version 2004 (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
Description

This vulnerability exists in Microsoft Windows due to a flaw in Active Directory Domain Services. A remote attacker could exploit this vulnerability by sending a specially crafted request to impersonate domain controllers directly.

Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges on the targeted system.
[More >>]
Apache Log4j vulnerabilities (Log4Shell)
(December 16, 2021) (Updated : December 19, 2021)
Multiple vulnerabilities have been reported in Apache Log4j which could be exploited by a remote attacker to execute arbitrary code or perform a denial of service (DoS) attack on the targeted servers.

The Log4j library is frequently used in enterprise Java software and is included in Apache frameworks including Apache Struts2, Apache Solr, Apache Druid, Apache Flink and Apache Swift. An application is vulnerable if it consumes untrusted user input and passes it to a vulnerable version of the Log4j logging library.

Due to the widespread prevalence of Log4j, there are reports that malicious actors are actively targeting organizations with vulnerable versions of Log4j. Organizations are strongly advised to implement the updates as soon as possible.

Version 1.x of the Log4j library is no longer supported and is affected by multiple security vulnerabilities. Users should migrate to the latest version of Log4j (currently Log4j 2.17.0).

Systems Affected

Various implementations of:
  • Apache Log4j 1.2
  • Apache Log4j versions 2.0-alpha1 through 2.16
Description:

1. Remote Code Execution Vulnerability [Log4Shell] (CVE-2021-44228)
[More >>]
Drinik Android malware targeting Indian banking users, masquerades as Income Tax refund
(September 21, 2021)
It has been observed that Indian banking customers are being targeted by a new type of mobile banking campaign using the Drinik Android malware.
[More >>]
Activities related to OnePercent Group ransomware attacking enterprises through the IcedID banking Trojan
(September 01, 2021)
It has been reported that a ransomware operator dubbed the OnePercent Group has been attacking enterprise networks using the Cobalt Strike post-exploitation toolkit and remote PowerShell commands.
[More >>]
Phishing websites hosted on NGROK platform, targeting Indian banking customers
(August 10, 2021)
It has been observed that Indian banking customers are being targeted by a new type of phishing attack using the ngrok platform. The malicious actors have abused the ngrok platform to host phishing websites impersonating the internet banking portals of Indian banks. Using these phishing websites, malicious actors collect sensitive customer information such as internet banking credentials, mobile numbers and One Time Passwords (OTPs) in order to perform fraudulent transactions.
[More >>]
Ransomware targeting vulnerable SonicWall devices
(July 20, 2021)
It has been reported that an imminent ransomware threat is targeting unpatched, end-of-life SonicWall SRA and SMA 8.x remote access devices.
[More >>]
Fake COVID vaccine registration App
(May 08, 2021) (Updated : June 17, 2021)
It has been reported that a fake SMS message is in circulation that falsely claims to offer an app that lets users register for the COVID-19 vaccine in India.
[More >>]
Targeted attack on FireEye
(December 14, 2020)
It has been reported that FireEye Inc. has been targeted by a cyber attack which resulted in the theft of their red-team / penetration testing tools. The attack campaign is reportedly attributed to a highly sophisticated actor employing novel techniques to gain access. Details of the tools stolen in this breach are provided below:

AdPassHunt: credential stealer tool that hunts Active Directory credentials.
  • 590bd7609edf9ea8dab0b5fbc38393a870b329de
  • 29385446751ddbca27c26c43015be7ab0d548b895531fba9b03d612e53bd9ff0
Beacon: used for several goals, such as persistence, execution, privilege escalation, credential dumping, lateral movement etc.
  • 03a8efce7fcd5b459adf3426166b8bda56f8d8439c070b620bccb85a283295f4
  • e4dd5fc22ff3e9b0fa1f5b7b65fb5dfeac24aab741eee8a7af93f397b5720f4a
  • d011a846badec24a48a50d1ab50f57d356b9dd520408cbb3361182f6f0489a1e
  • 0a566a0ddbaf9975221fe842b9b77c4a8b5d71bb2c33e0a46da26deec90dcbea
  • 61cd1311d2e4663b86b5a70c2aafd5af6b247a6ebf407170296e37aaf8c69392
Beltalowda: used for conducting a variety of security-oriented checks on the victim machine.
  • d80b7a31d68b5f483073ff7af0984c1090f6a493f84db7d3a301e3e35fdb4a56
  • 7b7cbb1a62faf7e7a9ee1d0254c5681779b61abd3c9763b6588857c14cccdd9b
  • 8f991317f1473fa8af3c3d6ade2551ddac01425db6e7b0c718b81c324c43730d
  • 1d841ff51f8b5b08d7b4752cd498108d4b3f82864257dbd8e35b097c766f9e24
  • 29054e2cad080a61db11a61791206ea939cbf79abee71c44fa0e7603dd168840
  • dea11a5bc6ff271e40e477d1645bdeb19454bdd8eac077e598ca56ee885fc06e
  • b89158aeac0e98f7cc2a6c3040ad2f57093bdb9064eab2c585c1250d5efa850e
  • 00d1726e2ba77c4bed66a6c5c7f1a743cf7bb480deff15f034d67cf72d558c83
  • 5cacbf4e84027cb3c0ec55940dddee6f4d368aae778d635003cb3013b547ede0
  • bb939544ac109ca674ee9de4d8b292f9b117c9c676ddab61d15a6e219ad3986c
Rubeus, Fluffy: used to steal or forge Kerberos tickets.
  • 8bebf19d54c749560301eaada2e92eb240501b8c
  • a729d51f3deff5065e4978df2f88517d26e0d5db542c9cf8501a4206d8d2432c
  • 9758688dd18db6ec86c4835d9ba67b5e209c32c81981dc69d705670f8b95d5e6
  • 0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891
  • 76faeb790d1c1aa5fd3473f86f602b371682415368ddd553ebc60eb3c7683f7f
  • 0097d59dc02cbac14df25ef05fc6d75f835d1db68f760d71fa4a0a57d9960606
  • c74352729dd49829f5e398a7fc7dd033d9e4aba3d93162c4fbcbe394cc31c3d4
  • 9c6a910a047e29e07b4015866dc05e00829b888a86d1d357ed49652a9b73f1b6
  • 6c1829be1c49c04b956b431386c389a6bf83327a5e7e68ff453103820ad4464d
  • 817867c23a7bf47e99c93201f99f5eb805396327765aa76338c5f9e0c89eac4a
  • 65044ea9fea1e34042adf3ff5e5fb17fc021ba4b0775415fad2465558a782c5e
G2JS: used for automating the weaponization of Microsoft Windows Script Host (WSH) scripts.
  • dcce258cc818febe2b888c8eee42aa95393b2fb4f1f2406330840ab8ad5c7d50
  • A3a8dedf82741a1997b17a44fbb1e5712ba3a5db11146519cf39281def9329a7
  • eed9402cb6fdc047b12f67493ba10970155a00086918eaad9542ab24096cc715
  • 398afc4c33e00b26466abb87668e33be766dbbf4c493fe04d180a14d14a32fa3
  • da3bdb6b9348a8d9328e669c744d0f21a83937c31894245e3157121342efe52c
  • cdabbe815b7aafa94469b97fa3665137c4d5b2da4fdd7648ba2851cf2df214fc
  • f8c8bb2ac03cc2a037ddde4ad175aa05aa80277483fcdac42627fbdcc36f64ba
  • fd2e546faed7426c448d1a11d8e1d4b8a06b5148c9c8dfa780338fac2ab53c5b
  • 0b8eab0a1961c52c141ac058c11e070d724d600cf903f2457c8ed189e7aae047
  • 117b9c9127beaf2e3ce7837c5e313084fd3926f1ebf1a77563149e08347cb029
[More >>]
Cyber Threat Signal 2021
(December 08, 2020)
The Cyber Threat Signal 2021 publication is a joint collaborative work of CERT-In along with AusCERT (Australia CERT), KrCERT/CC (South Korea CERT) and Sri Lanka CERT|CC (Sri Lanka CERT) regarding the most pertinent cyber threats that could be witnessed in the year 2021.
[More >>]
Privilege Escalation Vulnerability in Microsoft Netlogon
(September 18, 2020)
A vulnerability has been reported in Microsoft Netlogon which could allow an attacker to cause privilege escalation on the targeted system.
[More >>]
Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.
Last Updated On July 02, 2022