More than 1,000 systems are exposed to a campaign hunting weak Windows servers and more.
The "Bleed You" campaign is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and more than 1,000 systems are unpatched and vulnerable to compromise.
The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report from Cyfirma warns, affecting unpatched Windows client and server editions and the Windows protocol stack and services that depend on IKE. Once they achieve compromise, the threat actors move laterally to deploy ransomware and other malware, the team observed.
The threat actors speak Mandarin but also have ties to Russian cybercriminals, according to Cyfirma, which adds that the attacks aren't limited to a specific sector, with targets across retail, government, IT services, and more. Victims likewise were spread across a number of mostly Western countries, including Canada, the UK, and the US.
"Attackers are actively exploiting vulnerable Windows Server machines via the IKE and AuthIP IPsec Keying Modules by exporting this bug. Users are recommended to apply patches and fixes as soon as possible to reduce the severity of exploitation of the vulnerability," Cyfirma's researchers advised. "The researchers observed that unknown hackers are sharing the exploit link on the underground forums as well."