Our selection of key intelligence reports this week illustrates the continued use of cyber capabilities by both sides in the Russia-Ukraine conflict. This is showcased by the new infostealer JesterStealer, which Ukraine's Computer Emergency Response Team (CERT-UA) has warned is part of a large ongoing phishing campaign targeting Ukrainian citizens' data, including account passwords, emails, VPN clients, chats on IM apps and cryptocurrency wallet details. We have reported on previous CERT-UA warnings of Russian offensive cyber campaigns, including Distributed Denial-of-Service attacks targeting pro-Ukrainian sites and a separate phishing campaign conducted by the Russian espionage unit Gamaredon.

Alongside this Russian cyber aggression, hacktivists have continued to target the Kremlin in response to the invasion of Ukraine. The latest example saw Russian media platforms and websites defaced during Victory Day on 9 May, which commemorates the Soviet Union's victory on the Eastern Front of World War II. The perpetrators renamed the programmes listed on the online TV schedule to leave antiwar messages. This incident continues a trend of hacktivist activity against Russia, in which Anonymous has played a central role by compromising Russian government agencies and private sector businesses and then leaking their data.

Key Vulnerabilities

  1. CVE-2022-1388
    A vulnerability (CVSS 9.8|OVS: 45) affecting several versions of F5 BIG-IP allows undisclosed requests to bypass iControl REST authentication. Publicly available exploit code also gives less skilled threat actors the opportunity to leverage the vulnerability, so it will likely continue to attract attention from cybercriminals and state actors who have exploited similar BIG-IP vulnerabilities in the past.
  2. CVE-2021-26937
    A vulnerability in encoding.c in GNU Screen through 4.8.0 (CVSS 9.8|OVS: 20) allows remote threat actors to cause a Denial-of-Service (invalid write access and application crash) or possibly have an unspecified other impact via a crafted UTF-8 character sequence.
  3. CVE-2022-26937
    A Windows Network File System Remote Code Execution Vulnerability (CVSS 9.8|OVS: 26). Microsoft rates the attack complexity as low, suggesting that it could be widely exploited by threat actors.
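For the BIG-IP item above, the first thing a practitioner wants is a quick answer to "which of my appliances are still exposed?". The script below is an added example and is not code from the original newsletter or from F5; it checks inventory version strings against the affected and fixed release ranges published in F5's K23605346 advisory for CVE-2022-1388 (re-check those ranges against the live advisory before relying on them). The function names and the sample inventory are this example's own.

```python
"""Added example: flag BIG-IP versions still exposed to CVE-2022-1388.

Branch table taken from F5's K23605346 advisory: affected 11.6.1-11.6.5,
12.1.0-12.1.6, 13.1.0-13.1.4, 14.1.0-14.1.4, 15.1.0-15.1.5, 16.1.0-16.1.2.
The 11.x and 12.x branches were end of software development and received
no fix, only mitigations. Verify against the current advisory before use.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# (first affected, last affected, first fixed or None) per release branch.
AFFECTED_BRANCHES = [
    ((11, 6, 1), (11, 6, 5), None),
    ((12, 1, 0), (12, 1, 6), None),
    ((13, 1, 0), (13, 1, 4), (13, 1, 5)),
    ((14, 1, 0), (14, 1, 4), (14, 1, 4, 6)),
    ((15, 1, 0), (15, 1, 5), (15, 1, 5, 1)),
    ((16, 1, 0), (16, 1, 2), (16, 1, 2, 2)),
]


def parse_version(s: str) -> Version:
    """'15.1.5.1' -> (15, 1, 5, 1). Tuple comparison orders point releases
    correctly, e.g. (14, 1, 4) < (14, 1, 4, 6) < (14, 1, 5)."""
    return tuple(int(p) for p in s.strip().split("."))


def matching_branch(version: str) -> Optional[Tuple[Version, Version, Optional[Version]]]:
    """Return the affected branch entry this version falls into, or None
    if the version is outside every affected range (fixed, newer, or
    a branch the advisory does not list)."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED_BRANCHES:
        if v < first:
            continue
        if fixed is not None:
            # Anything from the first affected build up to (not including)
            # the first fixed build is vulnerable.
            if v < fixed:
                return (first, last, fixed)
        elif v[: len(last)] <= last:
            # No fixed build exists: every hotfix of the last affected
            # release (e.g. 12.1.6.x) is still vulnerable.
            return (first, last, fixed)
    return None


def is_vulnerable(version: str) -> bool:
    return matching_branch(version) is not None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {hostname: version} inventory to an action."""
    actions: Dict[str, str] = {}
    for host, ver in inventory.items():
        branch = matching_branch(ver)
        if branch is None:
            actions[host] = "ok"
        elif branch[2] is None:
            actions[host] = "no fix available: restrict iControl REST and plan replacement"
        else:
            actions[host] = "upgrade to " + ".".join(map(str, branch[2]))
    return actions


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "lb-edge-01": "16.1.2",
        "lb-edge-02": "16.1.2.2",
        "lb-core-01": "14.1.4.5",
        "lb-legacy-01": "12.1.6",
        "lb-new-01": "17.0.0",
    }
    for host, action in triage(sample).items():
        print(f"{host:14} {sample[host]:10} {action}")
```

The check deliberately says nothing about versions the advisory does not list (anything below 11.6.1, or odd branches such as 16.0.x): treat "ok" from this script as "not in a published affected range", not as proof of safety, and pair it with the advisory's mitigation of restricting iControl REST to the management network.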

Key Intelligence Reports

  1. Threat actors actively exploit F5 BIG-IP critical vulnerability CVE-2022-1388.
  2. Ukrainian CERT warns of ongoing campaign distributing new infostealer JesterStealer.
  3. Hacktivists deface Russian TV schedules and take down Russian streaming platform Rutube.

If you come across any issues or need assistance, please do not hesitate to reach out to Secrutiny.

What is OVS?

The Orpheus Vulnerability Score (OVS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to, and impact of, each CVE, building on the vulnerability information provided by the CVSS (Common Vulnerability Scoring System) score.
