North Korean state-sponsored threat actors were observed using the recently discovered ScreenConnect vulnerabilities to steal sensitive data from their targets.
A new report from Kroll shared with TechRadar Pro found that a group known as Kimsuky (aka Thallium) abused two flaws in ConnectWise’s solution to drop ToddleShark, an upgraded version of the group’s other backdoors, BabyShark and ReconShark.
BabyShark was previously seen on endpoints belonging to government firms, universities, and research centers in the West. While we don’t know who the victims were in this case, it’s safe to assume they’re from the same verticals.
Two ScreenConnect flaws
As for the data Kimsuky obtained this way, the researchers said they grabbed information regarding hostnames, system…