

CrowdStrike has published a description of LightBasin, also tracked as UNC1945, an "activity cluster" that's been targeting global telecommunications infrastructure since 2016.

LightBasin has been collecting user information on a large scale, showing a particular interest in call metadata and subscriber information. Why LightBasin is collecting the data isn't entirely clear, and while it appears to be an espionage operation, CrowdStrike says, "There is currently not enough available evidence to link the cluster's activity to a specific country-nexus." Circumstantial evidence includes strings in Pinyin, which suggests Chinese or at least Chinese-speaking operators, but this falls well short of what might be required for attribution. CyberScoop's discussion treats LightBasin as an espionage campaign; the Record, however, characterizes the operators as "crims."

Avast reports that the Magnitude exploit kit has added capability against the Chromium family of browsers, exploiting the CVE-2021-21224 and CVE-2021-31956 vulnerabilities. The Record finds it noteworthy that a moribund exploit kit obtained a relatively advanced capability. On the bright side, the exploit works against a relatively small range of targets.

The well-known exploit broker Zerodium is looking for exploitable flaws in ExpressVPN, NordVPN, and Surfshark. They're interested specifically in "information disclosure, IP address leak, or remote code execution," and say that "local privilege escalation is out of scope." The Record says the three VPN vendors haven't commented.
