Green Alliance Threat Intelligence Weekly Report (2024.12.30-2025.01.05) – Green Alliance Technology Blog

This week's report covers a new "DoubleClickjacking" technique that bypasses existing clickjacking protections, deployments of the open-source One-API project found running cryptomining software, and a large data breach affecting residents of Rhode Island. Other items include vulnerabilities in D-Link and Four-Faith routers and in Palo Alto Networks firewalls, a months-long exposure of location data for Volkswagen electric vehicles, and security risks in the emerging low-altitude economy. Affected Platform: D-Link routers, Four-Faith routers, Palo Alto Networks PAN-OS firewalls, One-API, Volkswagen electric vehicles, Rhode Island health and welfare system.

Keypoints :

  • A new "DoubleClickjacking" technique abuses the timing gap between the two clicks of a double-click to bypass existing clickjacking defenses (frame-busting headers, SameSite cookies) on major websites.
  • Deployments of the open-source One-API project have been compromised with cryptomining software, which consumes server CPU and degrades performance.
  • The MEMZ virus, also known as the Rainbow Cat virus, targets older Windows systems and spreads through pirated and other illicit downloads.
  • A security flaw in Cariad (Volkswagen's software subsidiary) systems exposed location data for approximately 800,000 Volkswagen electric vehicles for months.
  • Cyberattacks have led to leaks of residents' data from Rhode Island's health and welfare system.
  • The "Ficora" malware botnet exploits outdated D-Link routers and recruits them to launch further attacks.
  • Over 15,000 Four-Faith routers are exposed to a critical vulnerability that attackers can exploit using the devices' default credentials.
  • Palo Alto Networks disclosed a high-severity vulnerability in its PAN-OS software that allows remote denial-of-service attacks against affected firewalls.
  • Research highlights security risks in the low-altitude economy (drones and other low-altitude aircraft) and calls for stronger safety and security measures.
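The DoubleClickjacking item above is the one that a web application owner can mitigate in their own code. As an added example (not code from the NSFOCUS report or from the original research), the snippet below implements the defense that the technique calls for: a sensitive control only honours a click once a genuine user gesture (mouse movement or a key press) has been seen on this page and the window has been focused for a minimum time. In the attack, the victim page receives focus on the first mousedown and the second click lands within milliseconds with no prior gesture, so both checks fail. The 500 ms threshold (`MIN_FOCUS_MS`), the `data-sensitive` attribute and the `createClickGuard` helper are assumptions for this example, not values from any vendor guidance.

```javascript
// Added example: a client-side guard against "DoubleClickjacking".
// The attack lures the victim into a double-click on an attacker window and,
// between the two clicks, swaps the sensitive target page under the cursor so
// the second click lands on its confirm/authorize button with no prior mouse
// movement or key press on that page.
// MIN_FOCUS_MS and the data-sensitive attribute are assumptions for this example.
const MIN_FOCUS_MS = 500;

function createClickGuard(opts = {}) {
  const now = opts.now || (() => Date.now()); // injectable clock for tests
  const minFocusMs = opts.minFocusMs === undefined ? MIN_FOCUS_MS : opts.minFocusMs;
  let focusedAt = now();   // when this window last gained focus (or loaded)
  let gestureSeen = false; // has the user moved the mouse or typed on this page?
  let rejected = 0;        // number of blocked clicks, useful for telemetry

  return {
    onGesture() { gestureSeen = true; },
    // The attack swaps windows under the cursor, so every focus change
    // restarts the arming window and forgets earlier gestures.
    onFocusChange() { focusedAt = now(); gestureSeen = false; },
    isArmed() { return gestureSeen && now() - focusedAt >= minFocusMs; },
    // Returns true when a click on a sensitive control should be honoured.
    shouldAcceptClick() {
      if (this.isArmed()) return true;
      rejected += 1;
      return false;
    },
    rejectedCount() { return rejected; },
  };
}

// Browser wiring: runs only when a DOM exists, so the file also loads under Node.
if (typeof document !== "undefined" && typeof window !== "undefined") {
  const guard = createClickGuard();
  for (const ev of ["mousemove", "pointermove", "keydown"]) {
    document.addEventListener(ev, () => guard.onGesture(), { passive: true });
  }
  window.addEventListener("focus", () => guard.onFocusChange());
  window.addEventListener("blur", () => guard.onFocusChange());
  // Capture phase: the guard runs before the control's own click handler.
  for (const el of document.querySelectorAll("[data-sensitive]")) {
    el.addEventListener("click", (e) => {
      if (!guard.shouldAcceptClick()) {
        e.preventDefault();
        e.stopImmediatePropagation();
      }
    }, true);
  }
}

if (typeof module !== "undefined") {
  module.exports = { createClickGuard, MIN_FOCUS_MS };
}
```

Note that `event.isTrusted` does not help here: the clicks in this attack are real user clicks, so the guard has to reason about what happened on the page before the click rather than about the event itself. Treat this as defense in depth for the handful of one-click actions that matter (OAuth consent, account linking, payment confirmation); it does not replace `X-Frame-Options` / `frame-ancestors`, which still stop classic iframe-based clickjacking.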

MITRE Techniques :

  • TA0001 – Initial Access: Exploitation of known vulnerabilities in outdated D-Link routers to gain a foothold for the "Ficora" botnet.
  • TA0002 – Execution: Execution of malicious payloads by the MEMZ virus on infected Windows systems, and of unauthorized commands on vulnerable Four-Faith routers.
  • TA0003 – Persistence: Installation of mining software on compromised One-API servers to retain a foothold.
  • TA0006 – Credential Access: Use of default credentials to authenticate to exposed Four-Faith routers.
  • TA0009 – Collection: Gathering of location data for roughly 800,000 Volkswagen electric vehicles from the exposed Cariad systems.
  • TA0010 – Exfiltration: Theft of sensitive resident data from Rhode Island's health and welfare system.
  • TA0011 – Command and Control: Use of compromised routers as botnet nodes to direct further attacks.
  • TA0040 – Impact: Denial of service against PAN-OS firewalls, and resource hijacking by cryptominers on One-API servers.

Indicator of Compromise :

  • No IoCs are provided in the report.

Full Research: https://blog.nsfocus.net/2024-12-30-2025-01-05/