Cyber Threat Intel

A Joint Cybersecurity Advisory released on 27 April 2022 by intelligence agencies from the UK, US, Canada, New Zealand, and Australia highlighted the most widely exploited vulnerabilities in 2021. The three vulnerabilities below all feature within the top 15 exploited vulnerabilities observed by Five Eyes cyber security authorities.


Key Vulnerabilities

CVE-2021-44228: A critical zero-day vulnerability (CVSS 3: 10 | OVS: 100) affecting Apache Log4j.
CVE-2021-40539: This API authentication bypass vulnerability (CVSS 3: 9.8 | OVS: 89) affects Zoho ManageEngine ADSelfService Plus version 6113 and previous versions and could allow threat actors to conduct remote code execution.
CVE-2021-34523: This is a Microsoft Exchange Server elevation of privilege vulnerability in the Exchange PowerShell backend (CVSS 3: 9.8 | OVS: 74).

Key Intelligence Reports

CERT-UA warns of ongoing Distributed Denial of Service attacks targeting pro-Ukrainian websites. (OVS: 59)
Mustang Panda targets Russian speakers with PlugX remote access trojan. (OVS: 62)
North Korean espionage unit Stonefly compromises specialised engineering firm. (OVS: 59)

Analyst Comment

Our selection of key IntReps and vulnerabilities this week illustrates the continued disruption and destabilisation operations conducted against Ukrainian infrastructure by Russian threat actors. Although there has been no formal attribution regarding this latest Distributed Denial of Service campaign, in which malicious JavaScript code was used to target various pro-Ukrainian websites and a government portal, it does follow a pattern of Russian activity. We reported on other examples that saw prominent Ukrainian internet provider Ukrtelecom affected by serious connectivity issues and a further disruptive campaign waged against Viasat that saw communication outages across Europe.

We also reported that Chinese espionage unit Mustang Panda targeted Russian speakers with the PlugX remote access trojan. We assess this action was likely taken due to Russia’s invasion of Ukraine, and that China is attempting to collect intelligence that will inform them of the Kremlin’s geopolitical intentions, allowing Beijing to evaluate its relationship with Russia.

What is OVS?

The Orpheus Vulnerability Score (OVS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to and impact of CVEs, building upon the vulnerability information that is provided as part of the CVSS (Common Vulnerability Scoring System) score.