All articles tagged with #nation state
A suspected nation-state threat actor has deployed a new malware called Airstalk, exploiting the AirWatch API for covert C2 communication, with variants capable of capturing browser data and executing various malicious tasks, potentially targeting enterprise sectors like BPO in a sophisticated supply chain attack.
Multiple threat actors, including one working for a nation-state, gained access to a US federal agency's network by exploiting a four-year-old vulnerability that remained unpatched. Both groups exploited a code-execution vulnerability tracked as CVE-2019-18935 in a developer tool known as the Telerik user interface (UI) for ASP.NET AJAX. The vulnerability was not detected for four years, and the agency's vulnerability scanner failed to detect it due to the Telerik UI software being installed in a file path it does not typically scan. The breach is the result of someone in the unnamed agency failing to install a patch that had been available for years.