Russian Military Cyber Actors Target US and Global Critical Infrastructure
Essential information
- Published
- 09/09/2024 08:02
- Modified
- 09/09/2024 08:30
- Tags
- 2024-09-09 cadet blizzard ember bear frozenvista gru unit 29155 uac-0056 unc2589 whispergate
- Related entities
- 10 vulnerabilities (cve), 50 observables, 25 techniques (mitre), 1 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (10)
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker …
- Attack vector
- LOCAL
- Published
- 23/03/2022
- Modified
- 21/12/2025
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these …
- Attack vector
- NETWORK
- Published
- 29/07/2022
- Modified
- 14/01/2026
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
- Attack vector
- NETWORK
- Published
- 21/08/2024
- Modified
- 14/01/2026
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during …
- Attack vector
- NETWORK
- Published
- 21/08/2024
- Modified
- 14/01/2026
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Attack vector
- Network
- Published
- 23/09/2022
- Modified
- 27/05/2026
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published
- 27/06/2022
- Modified
- 20/12/2025
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
- Published
- 06/04/2022
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published
- 02/06/2022
- Modified
- 27/05/2026
Observables (50)
-
179.43.175.108 -
179.43.162.55 -
179.43.142.42 -
179.43.133.202 -
112.132.218.45 -
90.131.156.107 -
194.26.29.98 -
194.26.29.95 -
194.26.29.84 -
194.26.29.251 -
112.51.253.153 -
111.111.111.111
Techniques (MITRE) (25)
-
Server Software Component MITRE
-
Gather Victim Network Information MITRE
-
Ingress Tool Transfer MITRE
-
Application Layer Protocol MITRE
-
Active Scanning MITRE
-
Network Service Discovery MITRE
-
Archive Collected Data MITRE
-
Data Destruction MITRE
-
Exploit Public-Facing Application MITRE
-
Proxy MITRE
-
Valid Accounts MITRE
-
OS Credential Dumping MITRE
Malware (1)
-
Family The MITRE Corporation Confidence 100
[WhisperGate](https://attack.mitre.org/software/S0689) is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January…
First seen 01/01/1970 · Last seen 16/11/5138 ·