Russian Military Cyber Actors Target US and Global Critical Infrastructure
Essential information
- Published
- 09/09/2024 08:02
- Modified
- 09/09/2024 08:30
- Tags
- 2024-09-09 cadet blizzard ember bear frozenvista gru unit 29155 uac-0056 unc2589 whispergate
- Related entities
- 10 vulnerabilities (cve), 50 observables, 25 techniques (mitre), 1 malware
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (10)
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker …
- Attack vector
- LOCAL
- Published
- 23/03/2022
- Modified
- 21/12/2025
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these …
- Attack vector
- NETWORK
- Published
- 29/07/2022
- Modified
- 14/01/2026
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
- Attack vector
- NETWORK
- Published
- 21/08/2024
- Modified
- 14/01/2026
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during …
- Attack vector
- NETWORK
- Published
- 21/08/2024
- Modified
- 14/01/2026
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Attack vector
- Network
- Published
- 23/09/2022
- Modified
- 27/05/2026
The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
- Published
- 27/06/2022
- Modified
- 20/12/2025
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute …
- Published
- 03/11/2021
- Modified
- 21/12/2025
Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
- Published
- 06/04/2022
- Modified
- 21/12/2025
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …
- Attack vector
- Local
- Published
- 03/11/2021
- Modified
- 27/05/2026
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published
- 02/06/2022
- Modified
- 27/05/2026
Observables (50)
-
81.17.24.130 -
79.124.8.66 -
62.173.140.223 -
5.226.139.66 -
46.101.242.222 -
45.141.87.11 -
185.245.85.251 -
185.245.84.227 -
179.43.189.218 -
179.43.187.47 -
179.43.176.60 -
179.43.175.38
Techniques (MITRE) (25)
-
T1596 MITRE
-
Video Capture MITRE
-
Obtain Capabilities MITRE
-
Use Alternate Authentication Material MITRE
-
Brute Force MITRE
-
Acquire Infrastructure MITRE
-
Protocol Tunneling MITRE
-
Exfiltration Over Web Service MITRE
-
Data from Information Repositories MITRE
-
Unsecured Credentials MITRE
-
Email Collection MITRE
-
Non-Application Layer Protocol MITRE
Malware (1)
-
Family The MITRE Corporation Confidence 100
[WhisperGate](https://attack.mitre.org/software/S0689) is a multi-stage wiper designed to look like ransomware that has been used against multiple government, non-profit, and information technology organizations in Ukraine since at least January…
First seen 01/01/1970 · Last seen 16/11/5138 ·