Threat Context Monthly: Executive Intelligence Briefing For January 2025
This article discusses recent activity in the cybersecurity landscape, highlighting the leak of sensitive data from Fortigate firewalls by a group calling itself the Belsen Group, along with several other vulnerabilities, including a 0-day exploited against Ivanti Connect Secure. It also covers emerging threats such as doubleclickjacking and malware distribution. The piece emphasizes the ongoing exploitation of known vulnerabilities and the rapid evolution of cyber threats.
Affected: Fortigate firewalls, Ivanti Connect Secure, Small and Medium-Sized Businesses (SMBs), various online platforms.

Key points:

  • Belsen Group leaked sensitive data from over 15,000 Fortigate firewalls.
  • The leaked data includes VPN credentials and device configurations, linked to a vulnerability from 2022.
  • 54.75% of affected devices remain online, posing ongoing security risks.
  • UNC5337, a China-nexus espionage actor, exploits a 0-day vulnerability in Ivanti Connect Secure.
  • A bug in ChatGPT’s API could be abused for DDoS attacks; OpenAI did not address it promptly.
  • Researchers reported on doubleclickjacking, a new clickjacking technique for stealing credentials.
  • Malware distribution through Reddit impersonations has been identified.
  • Ransomware operations Hellcat and Morpheus share similar code, raising concerns about security practices.
  • Numerous threat actors and tools are currently active in cyberspace.

MITRE Techniques:

  • T1040 – Network Sniffing: Belsen Group collected sensitive data from Fortigate firewalls.
  • T1583 – Acquire or Use Tools: Attackers are said to have used tools such as WormGPT in ransomware activity.
  • T1203 – Exploitation for Client Execution: UNC5337 exploited the CVE-2025-0282 vulnerability in Ivanti Connect Secure.
  • TA0011 – Command and Control: The Belsen Group used the TOR network for its data leak operations.
  • T1499 – Endpoint Denial of Service: Potential use of ChatGPT’s API flaw for DDoS attacks.
Full Story: https://outpost24.com/blog/threat-context-monthly-january-2025/