Dragons in Thunder
Essential information
- Published: 28/11/2025 07:33
- Modified: 21/12/2025 18:16
- Tags: 2025-11-28 CVE-2025-4427 CVE-2025-4428 CVE-2025-53770 babuk cyberspionage ivanti krustyloader lockbit rce vulnerabilities russian targets sharepoint sliver thor
- Related entities: 4 vulnerabilities (CVE), 67 observables, 1 intrusion set (APT), 17 techniques (MITRE), 5 malware, 21 others
Description
This report details the activities of two hacker groups, QuietCrabs and Thor, targeting Russian companies. QuietCrabs exploited RCE vulnerabilities in Microsoft SharePoint and Ivanti Endpoint Manager Mobile, using KrustyLoader and Sliver malware. Thor employed more common tools and techniques, attacking around 110 Russian companies across various sectors. Both groups utilized recent vulnerabilities, with QuietCrabs acting within hours of exploit publications. The report highlights the groups' tactics, tools, and targeted industries, emphasizing the need for robust cybersecurity measures to counter such sophisticated attacks.