'Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours

While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure.
Of the five vulnerabilities that came to light in recent months, CVE-2024-21887 stood out.
Within a day of the release of a proof-of-concept exploit, the group had malware in hand capable of exploiting it.

What to Know About Magnet Goblin

For some time now, the previously unnamed Magnet Goblin has been exploiting one-days in public-facing services, including the e-commerce platform Magento, the data analytics service Qlik Sense, and Apache ActiveMQ. If it exploits a vulnerability in a device running Windows, Magnet Goblin often deploys a remote monitoring and management tool, such as ConnectWise's ScreenConnect or AnyDesk.
These malware examples have a better-than-average chance of flying under the radar, not so much because of their inherent sophistication but because they're usually deployed against edge devices.

What to Do

It isn't just Magnet Goblin: other major threat actors, like the Raspberry Robin ransomware group, have been whipping up one-day exploits at rates never before seen.
He encourages organizations to ensure their Linux servers and other Linux assets have endpoint protections.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 12 Mar 2024 20:10:17 +0000

