June Threat Highlights Report

1. The mass exploitation of a vulnerability in MOVEit by Clop
The Clop ransomware group has exploited a vulnerability in MOVEit, a secure file transfer software, to gain access to sensitive data belonging to multiple organizations. The attack resulted in the leaking of data belonging to 78 organizations.
2. The use of “Bring Your Own Vulnerable Driver” (BYOVD) techniques in terminating AV/EDR
We look into a technique used by threat actors to bypass antivirus (AV) and endpoint detection and response (EDR) systems by exploiting vulnerabilities in third-party drivers. This technique involves the attacker bringing their own vulnerable driver to the system, which can then be exploited to gain access to sensitive data.
3. Activity relating to the Chinese APT group Volt Typhoon
Chinese Advanced Persistent Threat (APT) group known as Volt Typhoon is known to favor exploiting vulnerabilities in Fortinet products to gain initial access to targeted systems.
4. The poisoning of mods for popular video game Minecraft
Threat actors have created malicious mods for the popular video game Minecraft. These mods were designed to steal users’ login credentials and spread malware.
5. Hacktivism landscape updates
Latest developments in the world of hacktivism, including new groups, tactics, and targets. Hacktivism is a form of cyber activism where individuals or groups use hacking techniques to promote a political or social agenda.
6. Ransomware trends
We look into the identification of three new ransomware groups and updates on the scale of attacks and statistics relating to the most active groups throughout June.
Stay informed about the latest cybersecurity threats and trends by reading our report!

Download the June 2023 Report