Attacks exploiting WhatsUp Gold flaws underway

BleepingComputer reports that intrusions exploiting two critical SQL injection bugs in Progress Software's network availability and performance monitoring tool WhatsUp Gold, tracked as CVE-2024-6670 and CVE-2024-6671, were carried out to facilitate remote code execution just five hours after security researcher Sina Kheirkhah published proof-of-concept exploit code on Aug. 30.

After executing several PowerShell scripts through WhatsUp Gold's Active Monitor PowerShell Script functionality, threat actors used the Windows utility 'msiexec.exe' to install the Atera Agent, SimpleHelp Remote Access, Splashtop Remote, and Radmin remote access tools for persistence and further payload deployment, a Trend Micro analysis showed. Although the intrusions have not been attributed to a specific actor, ransomware operations are believed to have been involved because of the presence of several RATs. The development comes more than a month after the Shadowserver Foundation reported attacks targeting WhatsUp Gold instances vulnerable to the critical RCE bug tracked as CVE-2024-4885.
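A defender can hunt for the post-exploitation step described above in process-creation telemetry. The following is an added example, not code from Trend Micro or BleepingComputer: it scores `msiexec.exe` launches by whether they name one of the four tools, install silently, pull from a remote source, or were spawned by PowerShell. The event field names (`host`, `image`, `parent_image`, `cmdline`), the scoring threshold and all sample events are assumptions constructed for illustration.

```python
import re

# Remote access tools the article names as installed through msiexec.exe.
RMM_KEYWORDS = ("atera", "simplehelp", "splashtop", "radmin")
SCRIPT_PARENTS = {"powershell.exe", "pwsh.exe"}
REMOTE_SRC = re.compile(r"https?://|\\\\[^\\\s]+\\")   # URL or UNC package source
SILENT = re.compile(r"(?<!\S)/(qn|quiet|q)\b")         # unattended install switches

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def score_event(ev):
    """Return the suspicious signals present in one process-creation event."""
    if basename(ev["image"]) != "msiexec.exe":
        return []
    cmd = ev["cmdline"].lower()
    signals = []
    hits = [k for k in RMM_KEYWORDS if k in cmd]
    if hits:
        signals.append("rmm:" + ",".join(hits))
    if REMOTE_SRC.search(cmd):
        signals.append("remote-source")
    if SILENT.search(cmd):
        signals.append("silent")
    if basename(ev["parent_image"]) in SCRIPT_PARENTS:
        signals.append("script-parent")
    return signals

def detect(events, threshold=2):
    """Flag events with at least `threshold` signals; one signal alone is often benign."""
    scored = ((ev["host"], score_event(ev)) for ev in events)
    return [(host, sig) for host, sig in scored if len(sig) >= threshold]

# Constructed sample events (hosts, paths and URL are made up for illustration).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSI = r"C:\Windows\System32\msiexec.exe"
SAMPLE_EVENTS = [
    {"host": "mon-01", "image": MSI, "parent_image": PS,
     "cmdline": "msiexec /i https://files.example.invalid/setup.msi /qn"},
    {"host": "mon-02", "image": MSI, "parent_image": PS,
     "cmdline": r"msiexec.exe /i C:\Windows\Temp\AteraAgent.msi /quiet"},
    {"host": "ws-17", "image": MSI, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'msiexec /i "C:\Users\it\Downloads\Splashtop_Streamer.msi"'},
    {"host": "ws-18", "image": MSI, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"msiexec /i C:\Installers\editor.msi"},
]

if __name__ == "__main__":
    for host, signals in detect(SAMPLE_EVENTS):
        print(host, signals)
```

The interactive Splashtop install on `ws-17` scores a single signal and is not flagged, which is why the threshold combines a tool name with how and from where the installer was launched; sites that legitimately use one of these tools should tune the list accordingly.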


