Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

March 5, 2024 at 12:04PM
North Korean threat actors have exploited security flaws in ConnectWise ScreenConnect to launch TODDLERSHARK malware, which overlaps with the known Kimsuky malware BabyShark and ReconShark. By exploiting the exposed setup wizard, the threat actors execute VB-based malware and gain "hands on keyboard" access. TODDLERSHARK exhibits polymorphic behavior and is used for reconnaissance. NIS accuses North Korea of …

ScreenConnect flaws exploited to drop new ToddlerShark malware

March 5, 2024 at 09:39AM
The North Korean APT group Kimsuky is exploiting the ScreenConnect flaws CVE-2024-1708 and CVE-2024-1709 to spread a new malware variant, ToddlerShark. The group uses legitimate Microsoft binaries, registry modifications, and scheduled tasks for persistent access and data exfiltration. ToddlerShark is polymorphic and uses evasion techniques that make detection and analysis challenging. Kroll plans to share …

ScreenConnect flaws exploited to drop new ToddlerShark malware

March 4, 2024 at 05:44PM
The North Korean APT group Kimsuky is exploiting the ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to distribute the new ToddlerShark malware. This polymorphic variant aims for long-term espionage, using legitimate Microsoft tools and scheduled tasks for persistent access. Kroll's upcoming report will share further details and indicators of compromise for ToddlerShark. From the …

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

February 27, 2024 at 03:10AM
The blog post details two recent vulnerabilities in ConnectWise ScreenConnect, CVE-2024-1708 and CVE-2024-1709, which are being exploited by threat actor groups such as the Black Basta and Bl00dy ransomware gangs. It highlights the technical and operational aspects of the vulnerabilities and provides indicators of compromise for detection and mitigation.