The Weekly Threat Round-up 07/04/2025 – 13/04/2025

This week’s threat round-up highlights significant cyber incidents, including Oracle’s cloud data breach, vulnerabilities in Ivanti VPN appliances, and targeted cyberattacks in Ukraine. Oracle privately notified customers about sensitive data exposure, while Chinese APTs exploited vulnerabilities in Ivanti systems. Meanwhile, Ukrainian institutions faced phishing attacks involving malware deployment.

Affected: Oracle Cloud, Ivanti VPN, Ukrainian institutions, Windows systems, Fortinet’s FortiSwitch, Russian entities

Key points:

  • Oracle suffered a data breach in which records were leaked by the actor ‘rose87168’, prompting customer notifications.
  • 5,000 Ivanti VPN appliances are at risk due to CVE-2025-22457; exploitation is linked to Chinese APT UNC5221.
  • UAC-0226 targeted Ukrainian institutions using phishing emails to spread malware.
  • Microsoft released fixes for 126 vulnerabilities, including a critical elevation-of-privilege vulnerability in the Windows Common Log File System.
  • Fortinet’s FortiSwitch faced a critical flaw enabling remote password changes, with patches recommended for vulnerable versions.
  • Microsoft reported on the methods ransomware groups use to exploit domain controllers.
  • China admitted to Volt Typhoon attacks on critical infrastructure, allegedly in response to U.S. actions regarding Taiwan.
  • The Paper Werewolf threat actor targets Russian sectors with new PowerShell-based attack methods.

MITRE Techniques:

  • T1071.001 – Application Layer Protocol: PowerShell scripts used for remote interaction and command execution.
  • T1105 – Ingress Tool Transfer: Malware delivered through phishing emails containing macro-enabled documents.
  • T1203 – Exploitation for Client Execution: Attackers exploit vulnerabilities to execute malicious code on victims’ devices.
  • T1086 – PowerShell: Utilized to deploy and execute additional scripts on compromised systems.
  • T1046 – Network Service Scanning: Exploited vulnerabilities identified in Ivanti VPN by scanning for accessible devices.
  • T1499 – Endpoint Denial of Service: Attacks can lead to disruptions in service for affected entities.

Indicators of Compromise:

  • [CVE] CVE-2021-35587
  • [CVE] CVE-2025-22457
  • [CVE] CVE-2025-29824
  • [CVE] CVE-2024-48887
  • [Threat Actor Name] rose87168


Full Story: https://medium.com/@rileyhv/the-weekly-threat-round-up-07-04-2025-13-04-2025-8d573b69e306?source=rss——cybersecurity-5
