Magnet Goblin exploits one-day flaws to launch malware

April 3, 2024

A cybercriminal group tracked as Magnet Goblin has been active recently, gaining its initial foothold in victim networks by exploiting recently disclosed vulnerabilities before targets have applied the fixes.

Based on reports, the group's latest campaign targets internet-facing servers and edge devices that are still exposed to one-day bugs, meaning flaws for which a patch already exists but has not yet been deployed. Active since January 2022, the group has exploited unpatched instances of Ivanti Connect Secure VPN, Magento, and Qlik Sense, and possibly Apache ActiveMQ servers, to infiltrate targeted infrastructure.

Once inside, the attackers move quickly because they bring a ready-made arsenal with them. Their primary tools include a Linux malware family called NerbianRAT and a JavaScript credential stealer called WARPWIRE.

These malware strains can harvest credentials quickly and efficiently while evading detection by a range of security products. The group has also employed a stealthy Linux backdoor called MiniNerbian, along with legitimate Windows remote monitoring and management (RMM) tools.

Once the attackers have breached a target, these tools let them run commands on and collect data from infected hosts, allowing them to progress through an intrusion faster than most malware campaigns.

Researchers assess that the campaign is run by financially motivated threat actors, as it focuses on exfiltrating data that is then sold on dark web forums.


The Magnet Goblin campaign is the latest in a growing number of cyberattacks that rely on exploiting known vulnerabilities for initial access.

Earlier this month, the North Korean Kimsuky APT group exploited vulnerabilities in ConnectWise ScreenConnect to deploy the ToddlerShark malware for long-term espionage and data theft.

Moreover, the UAC-0184 hacking group used steganography to deliver the Remcos RAT, sending phishing emails that impersonated military entities and led victims to download the loaders that carried the hidden payload.

Organisations should identify and remediate vulnerabilities within their infrastructure, prioritising internet-facing servers and edge devices of the kind Magnet Goblin targets, since these are exposed to attack as soon as a fix is published. With threats evolving quickly, regular patching combined with vigilant monitoring for signs of exploitation is the best defence against attackers such as Magnet Goblin.

Researchers expect such threat groups to grow in number over the coming months as they become more adept at exploiting flaws that remain unaddressed, especially in high-profile organisations.
