This week our team identified three critical vulnerabilities being discussed across the dark web and, based on known group TTPs, identified 36 Advanced Persistent Threat groups that are likely to use, or have used, these vulnerabilities in the past.
These vulnerabilities currently impact 386 distinct instances of deployed technology across the global internet. The majority of the identified vulnerable infrastructure is located in South Africa.
This week we uncovered seventeen distinct vulnerabilities being discussed across the dark web. Of those, three vulnerabilities can be found in Mitre’s ATT&CK framework. The greatest attack likelihood among these vulnerabilities belongs to CVE-2020-12478 in the Teampass product.
In analyzing the TTPs used by the threat actors in the ATT&CK framework, we uncovered thirty-six specific APT groups which leverage various TTPs impacting these vulnerabilities.
Many of these threat actors’ country of origin is unknown; however, this week the top countries of origin are China, Iran and Russia.
Analyzing global internet infrastructure for these three vulnerabilities (CVE-2019-12425, CVE-2020-11651, CVE-2020-12478), our team was able to identify 386 instances of deployed infrastructure that are potentially susceptible to these vulnerabilities.
The majority of these vulnerable instances can be found in South Africa, followed by the US and Brazil.