
Threat Content

Scattered Spider, Oktapus, UNC3944, Scatter Swine – MGM Resorts Compromise

Threat Name: Scattered Spider, Oktapus, UNC3944, Scatter Swine – MGM Resorts Compromise

Threat Summary: On September 11th, 2023, MGM Resorts suffered a crippling ransomware attack that resulted in 10 days of computer system downtime as well as an estimated overall loss of $80,000,000. The threat actor, dubbed Scattered Spider, is claiming ownership of this hack and alleges …



Threat Brief: Flax Typhoon APT 

Threat Name: Flax Typhoon APT

Threat Summary: Flax Typhoon is a suspected China-based, nation-state threat actor whose TTPs appear to be closely aligned with espionage objectives and extended persistence. Despite activity tracing back to mid-2021, this APT’s final objectives are unknown and they have been observed mostly targeting government, education, and critical manufacturing organizations in Taiwan; Though …


Threat Brief: Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)


Threat Name: Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)

Threat Summary: CVE-2023-38035 allows an unauthenticated attacker to access sensitive admin configuration APIs on versions 9.18 and prior of Ivanti Sentry over port 8443. These configuration APIs are then used by the MobileIron Configuration Service (MICS), which, upon successful exploitation, could lead to remote code execution with …


Threat Brief: Storm-0558 Unleashes Authentication Token Forgery


Threat Name: Storm-0558 – Authentication Token Forgery

Threat Summary: Storm-0558 is suspected to be a China-based, nation-state threat actor whose TTPs are closely aligned with espionage objectives. This threat actor managed to compromise an inactive MSA signing key which was then used to sign fabricated authentication tokens. Authentication tokens are short-lived credentials that are used to …
