Magnet Goblin Group Exploits 1-Day Vulnerabilities to Deploy Custom Linux Malware

The financially motivated threat actor group Magnet Goblin is rapidly adopting one-day security vulnerabilities to breach edge devices and public-facing services, deploying the Nerbian RAT and MiniNerbian on compromised hosts. Its attacks have targeted unpatched Ivanti Connect Secure VPN, Magento, Qlik Sense, and possibly Apache ActiveMQ servers, and the group has been active since at least January 2022. The deployed malware allows execution of arbitrary commands and exfiltration of the results to a command-and-control server. The group also uses tools such as the WARPWIRE JavaScript credential stealer, Ligolo tunneling software, and legitimate remote desktop offerings.
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (The Hacker News)
- Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (Check Point Research)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (BleepingComputer)
- Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes (The Register)
- One-day vulnerabilities exploited in Magnet Goblin attacks (SC Media)