
March 2024 - Global Cybersecurity Trends


Key Insights: March 2024

Global Cybersecurity Trends, March 2024
Foresiet.com Monthly Report

A Vision Rooted in Collective Resilience

"In the face of evolving cyber threats, our commitment is not just to protect organizations but to empower the global community. This report is a testament to our proactive approach, offering insights that go beyond mere security measures. Together, let's build a resilient digital future. The Cyber Report we're providing is a valuable resource for individuals across all backgrounds, ensuring a safer digital environment for everyone."

Mohit Kohli, Founder & CEO, Foresiet

This report is the culmination of the Founder's steadfast commitment to community welfare and education. With meticulous attention, this document aims to provide readers with crucial situational awareness concerning cyber threats impacting the global community. The underlying vision is rooted in the belief that shared knowledge is pivotal for fostering collective resilience in the face of the continually evolving landscape of digital challenges. Beyond safeguarding organizational interests, these aspirations extend to fortifying the broader community against targeted cyber campaigns.

The report stands as a tangible manifestation of that commitment, seeking to quantify global risks, provide strategic insights, and cultivate a culture of cybersecurity vigilance that transcends organizational boundaries. Throughout this analysis it is clear that the Founder envisions a safer digital environment, in which individuals, businesses, and nations are equipped with the tools and understanding needed to effectively combat cyber threats.
Table Of Contents

01 Industry Verticals

02 Executive Summary

03 Introduction

04 Threat Trends

05 Dark Web Alert: March, 2024

06 Vulnerability and Attack Surface Management

07 CVE Monthly Prominent Vulnerability Disclosures

08 Recommended Actions

Foresiet.com
This report is intended for these roles:
Chief Information Security Officer
Director of Cyber Security
Cyber Security Architect
Cyber Security Analyst
Cyber Security Engineer
Cyber Security Consultant
Cyber Security Manager
Information Technology Security Specialist
Information Security Manager
Director of Information Technology

Verticals:
Accounting & Financial Services, Apparel & Fashion, Automotive, Aviation &
Aerospace, Banking, Business Consulting and Services, Civic & Social
Organization, Construction, Consumer Services, Defense & Space, Computer &
Network Security, Delivery Services, Education, Environmental Services, Farming,
Financial Services, FMCG, Furniture, Gov, Health Care, Hospitality, Human
Resources Services, Industrial Engineering, Information Technology & Services,
Insurance, International Trade & Development, Legal Services, Logistics & Supply
Chain, Luxury Goods & Jewellery, Management Consulting, Manufacturing,
Membership Organizations, Mining & Metals, Museums & Institutions, Music,
Nonprofit Organization Management, Oil & Energy, Packaging & Containers,
Printing, Public Policy, Publishing, Real Estate, Recreation, Research,
Restaurants, Retail, Apparel & Fashion, Sports, Wholesale, Telecommunications,
Transportation, Utilities, Wellness & Fitness, and Other.

Executive Summary - Cybersecurity
Landscape Analysis: March 2024
The breach data from March 2024 provides a snapshot of the cybersecurity landscape, from weekly breach counts to the impact on different industries and the distribution across countries. Breach occurrences peaked in Weeks 3 and 4 (105 each), while Week 2 saw a notable decrease (90). Because these are counts of observed breach reports, a dip may reflect a lull in attacker activity, or in the cadence at which breaches surface, as much as any improvement in defences, and should not be read on its own as evidence that mitigation measures are working. Tracking these fluctuations is still valuable: it lets organizations adapt their cybersecurity strategies and maintain a robust defence posture against evolving threats.

Moreover, the data sheds light on the diverse array of threat actor groups
contributing to breaches across industries. From well-known entities like "Lockbit3"
and "Medusa" to lesser-known actors, the cybersecurity landscape is characterized
by a multitude of adversaries employing various tactics, from ransomware operations
to social engineering schemes. Understanding the prevalence and tactics of these
groups is crucial for organizations to fortify their defenses effectively, prioritize
resources, and implement targeted measures to mitigate risks.

Furthermore, the breach data highlights the global nature of cyber threats, with
countries across the world facing varying levels of breach occurrences. The United
States emerges as the most heavily impacted, followed by other major economies
like Germany and Canada. However, even countries with lower breach counts are
not immune to cybersecurity risks, emphasizing the need for comprehensive
cybersecurity strategies regardless of geographic location. Overall, the data
underscores the importance of proactive monitoring, collaboration, and investment
in cybersecurity infrastructure to mitigate the ever-present danger posed by cyber
adversaries and safeguard sensitive data in an increasingly interconnected digital
landscape.

Introduction
This report serves as a comprehensive analysis, providing essential insights into the nuances of the evolving
cyber threat landscape in March 2024. By examining the trends, threat actor activities, vulnerabilities, and
impacts on various sectors, it aims to equip stakeholders with crucial information necessary to bolster
cybersecurity defences and adapt strategies to effectively counter the evolving threat landscape.

Threat Trend Weekly

Weekly breach counts observed during March 2024.

[Chart: breaches per week. Mar 1 - Mar 8: 102; Mar 9 - Mar 15: 90; Mar 16 - Mar 22: 105; Mar 23 - Mar 31: 105. Counts taken from the analysis below.]

In March 2024, breach activity fluctuated across the month, with 402 breaches recorded in total. Weeks 3 and 4 tied for the highest count at 105 breaches each, marking the peak of the month. Week 2 was the quietest with 90 breaches, and Week 1 sat between the two with 102. The total of 402 is the sum of the four weekly figures and is also the denominator for the threat-actor and industry percentages given later in this report.

Understanding these fluctuations provides useful context for organizations adapting their cybersecurity strategies. Recognizing peaks in breach occurrences helps businesses reinforce their defences during periods of heightened activity, though a dip in one week's count is not predictive of the next and should not be used to justify scaling back monitoring during quieter weeks. Over time, analysing the breach data supports proactive identification of threat trends and patterns, allowing organizations to anticipate and mitigate future challenges more efficiently and to maintain a robust defence posture for safeguarding sensitive data.

Quick Threat Analytics Reference:

- Fluctuations: breach counts vary from week to week. Week 1 was relatively high (102), Week 2 dipped to 90, and Weeks 3 and 4 rose again.
- Consistency: Weeks 3 and 4 were identical at 105 breaches each.
- Potential trends: it is difficult to draw definitive conclusions from a single month, but the data could suggest periodic fluctuation or patterns tied to external factors influencing incident reporting during this period.

Threat Actor Groups

Popular Threat Actors

[Pie chart: share of March 2024 breaches by threat actor group. Shares that can be matched to the counts in the analysis below: lockbit3 13.9% (56), play 12.4% (50), medusa 7.2% (29). Other groups shown on the chart: blackbasta, raworld, akira, ransomhub, hunters, bianlian, 8base, incransom, qilin, stormous, cactus, dragonforce, mogilevich, blackbyte; their individual shares (ranging from 0.2% to 8.7%) cannot be reliably matched to labels in this extraction.]

Threat Groups

Threat Landscape Analysis:

The data shows a diverse set of threat actor groups contributing to breaches across industries. "Lockbit3" is the largest single contributor with 56 breaches (13.9% of the month's total), followed by "Play" with 50 (12.4%) and "Medusa" with 29 (7.2%). All three are ransomware and data-extortion operations, so the concentration at the top of the chart reflects the continued dominance of ransomware in the breach data. Alongside these well-known groups, a long tail of smaller actors accounts for the remainder, signalling a dynamic and evolving threat landscape.

Understanding the tactics and prevalence of these threat groups is vital for organizations to fortify their
cybersecurity defenses effectively. By prioritizing resources and implementing targeted measures, businesses
can better defend against the diverse array of threats they face. Collaboration and information sharing within
the cybersecurity community are essential for fostering a collective response to emerging threats, bolstering
resilience in the face of evolving cyber risks. Proactive monitoring and response strategies are crucial for
organizations to mitigate the ever-present danger posed by cyber adversaries.

Quick Threat Analytics Reference:

- "Lockbit3" leads with 56 breaches, indicating a significant ransomware threat.
- "Play" (50 breaches) and "Medusa" (29 breaches) also pose substantial risks.
- The data shows diverse threat actor groups, each contributing to breaches across industries.
- Groups with smaller shares, such as "Qilin" and "Cactus", make up a long tail that highlights the dynamic nature of the threat landscape.
- Understanding the tactics and prevalence of these groups is crucial for effective cybersecurity defense.
- Prioritizing resources and implementing targeted measures are key to defending against diverse cyber threats.

Impact on Company Size
Company Employee Size
Employee size of the affected organization and the corresponding breach count

[Bar chart; counts are those stated in the analysis below]
Employee band      Breaches
0-1                (not stated in text)
2-10               (not stated in text)
11-50              114
51-200             109
201-500            51
501-1,000          20
1,001-5,000        29
5,001-10,000       1
10,000+            12
Other              (not stated in text)

Cybersecurity Incidents Overview: March 2024

The data presents a breakdown of breaches by the employee count of the affected companies. Companies with 11 to 50 employees experienced the highest number of breaches, 114 incidents, followed by companies with 51 to 200 employees at 109. This suggests that small and medium-sized organizations are particularly exposed: they hold data and revenue worth extorting, but typically lack the security staffing and tooling of larger enterprises. Note that these are raw counts rather than rates; there are far more small companies than large ones, so the figures do not by themselves show that a given small company is more likely to be breached than a given large one.

Conversely, companies with 5,001 to 10,000 employees reported only one breach, while those with 10,000 or more employees experienced 12. The decline in breach counts as company size increases is consistent with larger organizations investing more heavily in cybersecurity, although the much smaller population of large companies is also a factor. Even a single breach at a large company can have significant ramifications given the volume of sensitive data and the number of people involved.

The data also shows that companies with 201 to 500 employees experienced 51 breaches, and those with 1,001 to 5,000 employees 29, so the threat is spread across organizations of every size. This emphasizes the need for comprehensive cybersecurity strategies regardless of organizational scale. Understanding the relationship between employee count and breach frequency can inform targeted security measures, allowing organizations to allocate resources effectively and mitigate the risks specific to their size and profile.

Quick Threat Analytics Reference:

- Organizations with 11 to 50 employees reported the highest number of breaches, 114 incidents, indicating significant exposure among smaller businesses.
- Companies with 51 to 200 employees followed with 109 breaches.
- Medium-sized companies with 201 to 500 employees faced 51 breaches.
- Companies with 501 to 1,000 employees experienced 20 breaches, and those with 1,001 to 5,000 employees reported 29.
- Only one breach was reported by companies with 5,001 to 10,000 employees.
- Larger enterprises with 10,000 or more employees reported 12 breaches.

Impacted Country
Country
Country and its count of breaches

[Bar chart of breaches by country, 0-200 scale. Countries shown: Argentina, Australia, Austria, Belgium, Bermuda, Brazil, Bulgaria, Canada, China, Egypt, France, Georgia, Germany, Honduras, India, Indonesia, Iran, Ireland, Italy, Japan, Lebanon, Malaysia, Mexico, Namibia, Netherlands, New Zealand, North Macedonia, Norway, Pakistan, Peru, Poland, Portugal, Qatar, Romania, Saudi Arabia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Thailand, UAE, UK, US, and Other; the source chart also lists "California" as a separate entry. Counts stated in the analysis below: US 179, Germany 24, Canada 22, UK 22, India 14, China 10; Argentina, Austria and Bermuda 1 each.]

Global Breach Trends: March 2024

The data shows the distribution of breaches across countries and underlines the global reach of the threat. The United States is by far the most heavily impacted with 179 reported breaches, roughly 45% of the month's total, reflecting its large economy and extensive digital infrastructure as well as any reporting bias in the sources from which the data is drawn. Germany (24), Canada (22) and the United Kingdom (22) form a distant second tier, followed by India with 14 and China with 10, demonstrating that breaches are spread across diverse geographical regions.

Countries such as Argentina, Austria, and Bermuda reported only one breach each, but this does not necessarily indicate lower risk; it may reflect underreporting or fewer digital assets targeted in those regions. Likewise, the relatively low counts for Singapore, Switzerland, and Sweden cannot be attributed to stronger defences from this data alone, although robust cybersecurity measures and proactive detection and response do reduce exposure. Understanding the distribution of breaches across countries can inform international collaboration and help prioritize resources on a global scale, and it underscores the need for continued vigilance and investment in cybersecurity infrastructure worldwide.

Quick Reference:
- The US leads with 179 breaches, well ahead of Germany (24), Canada (22) and the UK (22).
- India (14) and China (10) also face notable breach counts, indicating widespread threats across diverse regions.
- Some countries reported only one breach each, potentially due to underreporting or fewer targeted assets.
- Countries like Singapore, Switzerland and Sweden show lower breach counts, emphasizing the value of robust cybersecurity measures.
- Understanding breach distribution informs international collaboration and resource prioritization for global cybersecurity efforts.

Impact on Industry
Top Targeted Industries
Industry and number of breaches

[Pie chart of breach share by industry. Shares that can be matched to the counts in the analysis below: Manufacturing 14.9% (60), Construction 9.2% (37), Health care 8.5% (34), Information Technology & Services 6.7% (27), FMCG 4.5% (18), Financial Services 3% (12). Other labelled slices: Retail, Apparel & Fashion 6.5%, Education 3%, Gov 2.7% (each a double-digit count per the analysis below), Other 4%, Real Estate 2%, Oil & Energy 1.7%, Accounting 1.5%, Marketing & Advertising 1.2%, Facilities Services 1%, Packaging & Containers 0.7%. The chart covers only the top industries, so the slices do not sum to 100%.]

March 2024 Industry Breach Insights:

The data gives an overview of breaches across industries and the range of sectors affected. Manufacturing is the most heavily impacted industry with 60 reported breaches (14.9% of the month's total), underscoring the exposure of production and supply-chain operations, where downtime is costly and extortion pressure is therefore effective. Construction follows with 37 breaches, and Health care with 34, the latter reflecting the heightened risk attached to sensitive patient data and interconnected clinical systems.

Information Technology & Services recorded 27 breaches, a reminder that technology providers, and through them their customers, are not immune. Financial Services and FMCG (Fast-Moving Consumer Goods) also show notable counts, with 12 and 18 breaches respectively, suggesting persistent risks to financial data and consumer privacy. Education, Government, and Retail, Apparel & Fashion each report double-digit breach counts, highlighting the widespread impact of cyber threats across diverse sectors.

Understanding the distribution of breaches across industries is crucial for developing targeted cybersecurity
strategies tailored to the specific risks and vulnerabilities faced by each sector. It emphasizes the importance
of implementing robust security measures, fostering cybersecurity awareness, and promoting information
sharing and collaboration within and across industries to effectively mitigate cyber risks. Additionally, it
underscores the need for regulatory compliance and industry standards to safeguard critical infrastructure,
sensitive data, and consumer trust in an increasingly digitized world.

Quick Reference: March 2024 Industry Breaches

- Manufacturing is the most impacted industry with 60 breaches, highlighting exposure in critical infrastructure and supply chains.
- Construction follows with 37 breaches.
- Health care reports 34 breaches, reflecting the risk attached to sensitive data and interconnected systems.
- Information Technology & Services experienced 27 breaches; technology providers are not immune.
- Financial Services and FMCG (Fast-Moving Consumer Goods) face 12 and 18 breaches respectively, suggesting persistent risks to financial data and consumer privacy.
- Education, Government, and Retail, Apparel & Fashion each report double-digit breach counts, underlining the widespread impact across sectors.
- Understanding breach distribution informs targeted cybersecurity strategies tailored to specific industry risks.

Dark Web Alert: March 2024
Quick Highlight:
Dark web threat "BeCthulhu", offered at $500/month, targets macOS and shows that the platform is not immune to commodity malware.

The leak of the source code for the Linux DDoS botnet "Mushi Bot" raises concerns that it will be reused and adapted by other actors.

Incident Detail
Italian store odettedanza.it's data breach stresses the need for robust cybersecurity.

Turtlemint.com's data breach underscores the critical importance of online platform cybersecurity.

A data leak shared by user Addka72424 exposes a large cache of ZoomInfo leads, over 100,000 lines, covering two sectors: real estate and staffing/recruiting. The real-estate records include names, lead titles, work and direct phone numbers, email addresses with confidence scores, and the website, name, phone number, location, size and industry of the associated company, together with LinkedIn, Facebook and Twitter profile URLs. Beyond its obvious value for unsolicited marketing, a dataset of this shape is exactly what phishing and pretexting campaigns need: verified direct lines, job titles and employer details allow attackers to target specific roles with convincing, personalised lures.

A recent data breach and scam alert have emerged regarding restorecord.com, a bot
service, affecting approximately 2,871 users. The breach includes leaked Next.js and PHP
source codes, along with compromised emails, usernames, browser data, and IPs. Despite
knowledge of the breach, the owner allegedly concealed this information from users.
Reports of scam activities targeting users have surfaced, resulting in financial losses. The
owner, known as xenos1337, has a documented history of unethical behavior and scamming.
This underscores the importance of caution when engaging with online services and the
need for enhanced security measures to mitigate such risks.

The recent acquisition of confidential documents from the Ukraine Military Administration
has revealed the orchestrated removal of Deputy Chief O.Yu. Kuzminov from his position.
This removal was conducted through legal channels, suggesting a well-coordinated effort
by higher authorities within the organization. Complicating matters, the involvement of the
notorious hacking collective, Cyberia Hacking Group, has added another layer of
complexity to the situation, raising questions about potential external influence or
manipulation within the organization.

Recent reports have exposed a significant breach of user data associated with
restorecord.com, affecting approximately 2,871 users. Initially trusted, restorecord was found
to have a backdoor embedded by its owner, xenos1337, facilitating the illicit transfer of
sensitive user information to "inf0sec." The breach includes leaked source codes and user
data, highlighting a disregard for privacy and security. Mak0001, who uncovered the breach,
has emphasized the owner's history of exploitation. Users are advised to safeguard their
information and consider alternative platforms like VaultCord or Restorio. The community
must remain vigilant against similar scams, advocating for transparency and accountability to
ensure a safer digital landscape. This incident underscores the importance of community-
driven vigilance in combating cyber threats.

A recent data breach has occurred at Santal Pargana College, Dumka, a prestigious
institution established in 1954. Claimed by the hacking group Nusantara, the breach has
compromised sensitive personal data of both staff and students affiliated with the college.
This incident highlights vulnerabilities in the institution's cybersecurity infrastructure, posing
significant risks to the privacy and security of individuals' personal information.

The Black Hunt ransomware group has reemerged with an upgraded variant, Black Hunt 2.0,
featuring enhanced functionalities and capabilities. This new version introduces several
novel options designed to streamline encryption procedures and circumvent detection
measures, thereby posing substantial cybersecurity risks.

In March 2024, Mr. Green Gaming, an online gaming community, faced a data breach leading
to the exposure of around 27,000 user records. The breach, acknowledged via the
community's Discord server, compromised sensitive user details such as email and IP
addresses, usernames, geographic locations, and dates of birth.


In January 2024, a major data breach impacted the Federal Bureau of Investigation (FBI),
leading to unauthorized access and extraction of sensitive information. The breach
compromised personal and confidential data belonging to individuals associated with the FBI.

A significant data breach has been reported concerning PlatoOnline.com, as of March 6, 2024. The breach involves the compromise of the entire website's database, which is being offered for unauthorized access. The database, a 6.7GB .sql dump, poses a serious risk to the privacy and security of users' information, as anyone obtaining it gains the full set of user data.

Anonymous Sudan's hacking division, @InfraShutdown, has claimed a large-scale DDoS attack on the digital infrastructure of the French Interministerial Directorate of Digital Affairs. The group says it targeted over 17,000 IPs and devices along with 300+ domains, taking key government websites and subdomains offline and disrupting government and organizational services across France. The attack was executed solely with @InfraShutdown's DDoS infrastructure and highlights the exposure of government-facing endpoints to volumetric attacks, and the need for DDoS mitigation in front of them. French authorities are reportedly dealing with the extensive fallout from the attack.

A significant breach has been reported involving the Indian Government's database, shared
by user HikkI-Chan on the Breachforums Community. The leaked database, provided in "xlsx"
format, contains extensive personal information including names, mobile numbers, email
addresses, residential addresses, cities, states, industries, and dates of birth. The leaked
sample reveals individuals associated with various government entities across different
states in India, including government and railway institutions, reflecting the widespread
impact of the breach. With a total of 106,361 lines compromised, the sheer volume of leaked
information raises serious concerns regarding privacy and security. This breach underscores
the urgent need for bolstered cybersecurity measures to safeguard sensitive government
data from unauthorized access and exploitation.

A breach report concerning the FBI Department of Justice has been posted by a user named
xsvshacker on the Breachforums Community. The breach entails a detailed list of personnel
within the FBI, containing names, designations, phone numbers, and email addresses. The
leaked data covers various roles within the FBI, including supervisors, agents, contractors,
and interns. The exposure of sensitive contact information associated with individuals
involved in FBI operations raises considerable security and privacy concerns.

A breach involving the State Bank of India database has been disclosed by a user named
WANTEDFORBLOOD on the Breachforums Community. The leaked data appears to comprise
detailed employee information, encompassing names, contact details, addresses, employment
history, and possibly additional sensitive data.

A user named Auditor is advertising access to the backoffice/admin panel of a major Spanish
cryptocurrency exchange on the Breachforums Community. This access offers extensive
capabilities, enabling users to access and manipulate sensitive information such as user
details, crypto wallets, and transactions. The advertised features include viewing and
modifying user data, creating admin accounts, managing customer accounts, verifying and
removing KYC information, and blocking customers. The price for this access is $10,000,
payable exclusively in XMR (Monero), and the seller guarantees it will work with a trusted
middleman (MM).

A user named succumb is offering a rootkit/miner called RKvSphere 1.0, targeting vSphere/ESX hosts. According to the listing, this kernel-mode rootkit integrates into the hypervisor layer to avoid detection and uses the host's virtual machines for XMR (Monero) mining. Advertised features include VMKernel patching, EDR/AV evasion, firewall evasion via eBPF, start-up persistence, Tor network communication, RSA/AES network encryption, a CLI-based C2, and modules for reverse shell, file copying, XMR miner deployment, and more. The advertised price for the full source code is $8,000, negotiable. These are the seller's claims and have not been verified; ESXi's VMkernel is not a Linux kernel, so the "firewall evasion via eBPF" claim in particular should be treated with scepticism. Even so, the listing is a reminder that hypervisor hosts are high-value targets and that their management interfaces should be isolated and monitored.

"Duyane" is advertising "lifetime" licences for software including Malwarebytes, Windows, Office and ESET, with a shop link on shoppy.gg and a Telegram contact for inquiries. The seller cites over 2,000 positive reviews and offers an escrow app for transactions. Lifetime keys for subscription products sold through such channels are typically resold, stolen or abused volume licences that the vendor can revoke at any time, so buyers gain neither a legitimate licence nor a reliable one.

A forum user known as "Trax875" has purportedly admitted to hacking into the Ministry of
Defense in South Africa, revealing a trove of sensitive data. This breach has sparked
significant concern within national security circles, highlighting glaring deficiencies in
cybersecurity measures. Continued monitoring of this evolving situation is advised for future
updates.

The hacker group @ShinyHunters has posted what it describes as an AT&T division database from 2021, around 70 million lines of data. The dataset's most sensitive fields were held as encrypted values; the poster claims to have replaced those encrypted values with Social Security Numbers (SSNs) and dates of birth (DOBs) obtained from other sources, so the leak now combines AT&T's names, contact numbers, addresses and email addresses with plaintext identity data. This has widespread implications for affected consumers across multiple regions, particularly for identity theft.

The PYLC Insurance database has been compromised, with the leaked data now available for download on multiple breach forums. The breach, which occurred in March 2024, impacts approximately 63,000 users of PYLC, an insurance company in Mexico. The exposed data includes quote numbers, policy numbers, premiums, charges, fees, discounts, taxes, start and end dates, user IDs and full insurance particulars. Beyond the personal and financial exposure, this level of detail is sufficient for convincing policy-renewal and payment-redirection scams against affected customers, and it highlights weaknesses in data protection within the insurance sector.

DirectUK-Pill.com, an esteemed information security site, has recently been breached by the
notorious Kalihunt/Russia hacking team, raising grave concerns about the security of
sensitive information. This cyberattack underscores the persistent threats faced by online
platforms and highlights the urgent need for enhanced cybersecurity measures to protect
against such breaches.

Tamil Nadu Open University (TNOU) has become the latest target of the infamous hacking
group, TEAM CYBER MAFIA, resulting in the shutdown of the university's official website. This
cyber attack has severely disrupted access to critical educational resources and services
provided by the university, impacting both students and staff alike.

The hacking group "LulzSec Muslims" has claimed responsibility for a string of cyber
attacks, resulting in the disabling of several notable websites. Among the affected sites are
the Sama Dubai Channel, Abu Dhabi Drama, Dubai TV channel, United Arab Emirates
University (UAEU), Emirates International University, and a cybersecurity website. The group
has issued a warning against hackers accepting Israeli data from strangers, alleging that
traitors seek to undermine Arab and Muslim hackers. Recent events have seen electronic
strongholds compromised, prompting vigilance within the cybersecurity community.
Authorities are actively addressing the threats posed by "LulzSec Muslims" and other
potential malicious actors. Stay updated for further developments on this cybersecurity
incident.

In a shocking turn of events, the Anonymous Collective has managed to breach the Israeli
nuclear database, leading to the exposure of over 6 GB of sensitive information. The leaked
data, comprising emails, documents, and files, provides unprecedented insights into Israel's
nuclear program.

The individual known for "589forum" has initiated a fresh forum named "Zero Day Market."
This platform is dedicated to offering zero-day vulnerabilities categorized from moderate to
extremely critical levels, catering to cybersecurity enthusiasts and vulnerability researchers.
The forum can be accessed at ZeroDayMarket.com.

A significant emergence has taken place on the dark web with the introduction of "Dark
Army," a newly formed hacking group and forum. Renowned for its "hacker-for-hire" services,
this collective operates within the territories of the People's Republic of China and the
Russian Federation. Comprised of skilled IT cybersecurity experts, hackers, certified
pen-testers, and digital investigators, Dark Army has swiftly established itself as a formidable and
trustworthy entity within the darknet community.

The leakage of Italy’s "Piracy Shield" platform source code and internal documentation on
GitHub has triggered heated debates regarding censorship, free speech, and the efficacy of
the platform developed by SP Tech Legal for AGCOM. Critics argue that the platform's
content-blocking methods lack transparency and due process, potentially leading to
arbitrary censorship, while advocates stress the importance of balanced piracy enforcement
that respects democratic principles and safeguards against undue censorship. The incident
highlights the ongoing challenge of finding solutions to piracy without compromising
fundamental freedoms and the openness of the internet, sparking discourse on the
intersection of technology, copyright enforcement, and users' rights to access information
and express themselves online.

A potent new hacking tool, EagleSpy Android RAT 3.0, has surfaced, presenting a notable
menace to mobile device security. Crafted by Xpert Techy, this software empowers users to
remotely infiltrate mobile phones effortlessly, circumventing security protocols and
extracting sensitive data.

The threat group "NoName" has recently launched a series of cyberattacks targeting
websites in Poland and Luxembourg, coinciding with the upcoming local elections in Poland.
These attacks have disrupted various services, including the Electronic Toll Collection
System and the Gdańsk Transport Company in Poland, as well as the mPay App used for toll
road payments. Additionally, municipal administrations in Luxembourg, including Vianden,
Diekirch, Differdange, and Ettelbrück, have also been targeted by the group. The motive
behind these attacks appears to be linked to ongoing protests by cab drivers in Poland
demanding higher fares and protesting against competition from transportation apps.

Team 1910 has carried out hacking attacks on the UN Security Council, obtaining information
through treacherous means. The group, led by Commander MG400, has infiltrated the
Security Council's systems and extracted sensitive data. This breach raises significant
concerns about cybersecurity and highlights the ongoing threats posed by malicious actors
in cyberspace.

The Nusantara hacking group has recently claimed responsibility for a series of cyber
attacks on several websites. The targeted sites include dsobhandara.co.in, dsowardha.co.in,
flyctsofttech.com/nusantara.html, dsochandrapur.co.in, and
lubhanshuhealthcare.com/nusantara.html. These attacks resulted in successful defacement,
as confirmed by Zone-H, a website defacement archive.

Vulnerability and Attack Surface Management

In March 2024 we identified 3,339 vulnerabilities, 213 of which were classified as critical.
Among these critical vulnerabilities, 27 currently have publicly available exploits. It is worth
noting that all 40 exploits identified across the 3,339 vulnerabilities carry an EPSS score
ranging from 0.04% to 97.21%, indicating a high level of potential exploitation.

The Foresiet research team has identified exploits circulating on the dark web that
opportunistic threat actors use for low-effort attacks. A few examples:
CVE-2024-27298, CVE-2024-22039, CVE-2024-31115, CVE-2024-30510,
CVE-2024-30247, CVE-2024-30225, CVE-2024-30224, CVE-2024-27957,
CVE-2024-27767, CVE-2024-24578, CVE-2024-3094, CVE-2024-2227,
CVE-2024-2086, CVE-2023-49815, CVE-2023-23656, among others.

In March 2024, four newly disclosed, actively exploited vulnerabilities affected JetBrains
TeamCity, various Apple products, and FortiClient Endpoint Management Server (EMS) software.

Three high-risk vulnerabilities were actively exploited after third parties, independent of the
affected software vendors, disclosed PoC exploit code. This highlights ongoing tension and
debate within the security community about the best approach to vulnerability disclosure
from a defender's perspective.

JetBrains blamed Rapid7's disclosure of PoC code for the active exploitation of two newly
disclosed, high-risk TeamCity vulnerabilities, CVE-2024-27198 and CVE-2024-27199. Rapid7
published the PoC code just five hours after JetBrains released patches for the vulnerabilities.

CVE Monthly Prominent Vulnerability Disclosures

Columns: # | Vulnerability (Risk Score) | Affected Vendor/Product | Vulnerability Type/Component | Zero Day

1. CVE-2024-27198 (Risk Score: 99)
   Affected Vendor/Product: JetBrains TeamCity
   Zero Day: Yes
   Vulnerability Type/Component: In JetBrains TeamCity before 2023.11.4, this vulnerability enables
   authentication bypass allowing attackers to perform administrative actions.

2. CVE-2024-23225 (Risk Score: 99)
   Affected Vendor/Product: Apple iPad OS, WatchOS, iPhone OS, macOS, tvOS, watchOS
   Zero Day: Yes
   Vulnerability Type/Component: A memory corruption issue was addressed with improved validation. An
   attacker with arbitrary kernel read and write capability may be able to bypass kernel memory
   protections. Apple is aware of a report that this issue may have been exploited. This issue is fixed in
   iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, and iPadOS 17.4.

3. CVE-2024-23296 (Risk Score: 99)
   Affected Vendor/Product: Apple iPad OS, WatchOS, iPhone OS, macOS, tvOS, watchOS
   Zero Day: Yes
   Vulnerability Type/Component: A memory corruption issue was addressed with improved validation. An
   attacker with arbitrary kernel read and write capability may be able to bypass kernel memory
   protections. Apple is aware of a report that this issue may have been exploited. This issue is fixed in
   iOS 17.4 and iPadOS 17.4.

4. CVE-2023-48788 (Risk Score: 99)
   Affected Vendor/Product: Fortinet FortiClient Enterprise Management Server (EMS)
   Zero Day: Yes
   Vulnerability Type/Component: An improper neutralization of special elements used in an SQL command
   ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and FortiClientEMS 7.0.1
   through 7.0.10 allows an attacker to execute unauthorized code or commands via specially crafted
   packets.

5. CVE-2024-21899 (Risk Score: 79)
   Affected Vendor/Product: QNAP QTS
   Zero Day: No
   Vulnerability Type/Component: An improper authentication vulnerability has been reported to affect
   several QNAP operating system versions. If exploited, the vulnerability could allow users to
   compromise the security of the system via a network. The issue is fixed in the following versions:
   QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero
   h5.1.3.2578 build 20231110 and later, QuTS hero h4.5.4.2626 build 20231225 and later, and
   QuTScloud c5.1.5.2651 and later.

6. CVE-2024-27199 (Risk Score: 79)
   Affected Vendor/Product: JetBrains TeamCity
   Zero Day: Yes
   Vulnerability Type/Component: In JetBrains TeamCity before 2023.11.4, this vulnerability enables path
   traversal allowing attackers to perform administrative actions.

7. CVE-2024-22252 (Risk Score: 79)
   Affected Vendor/Product: VMware ESXi, VMware Fusion, VMware Workstation
   Zero Day: No
   Vulnerability Type/Component: VMware ESXi, Workstation, and Fusion contain a use-after-free
   vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a
   virtual machine may exploit this issue to execute code as the virtual machine's VMX process running
   on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation
   and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.

8. CVE-2023-41724 (Risk Score: 76)
   Affected Vendor/Product: ConnectWise ScreenConnect
   Zero Day: No
   Vulnerability Type/Component: A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows
   an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of
   the appliance within the same physical or logical network.

9. CVE-2024-22253 (Risk Score: 75)
   Affected Vendor/Product: Mastodon
   Zero Day: No
   Vulnerability Type/Component: VMware ESXi, Workstation, and Fusion contain a use-after-free
   vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a
   virtual machine may exploit this issue to execute code as the virtual machine's VMX process running
   on the host. On ESXi, the exploitation is contained within the VMX sandbox, whereas on Workstation
   and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
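As an added illustration (not part of the Foresiet report or its tooling), the Python below turns the signals this section relies on, the EPSS score, whether a flaw was exploited as a zero-day, and the report's risk score, into a patch-priority order for a defender. The CVE IDs, risk scores and zero-day flags are taken from the table above; the EPSS values are constructed placeholders, the P1/P2/P3 tiering rule and the 10% EPSS threshold are my own assumptions, and `fetch_epss` shows the lookup against FIRST's public EPSS API that would replace the placeholders in practice (it is never called here, so the example runs offline).

```python
"""Patch-priority triage from the signals used in this report: EPSS score,
zero-day (exploited in the wild) status and the report's risk score.

Added example, not Foresiet tooling. CVE IDs, risk scores and zero-day
flags come from the report's table; EPSS values are constructed
placeholders, and the tier rule and thresholds are assumptions.
"""
import json
import urllib.request
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    risk_score: int    # report's risk score, 0-100
    zero_day: bool     # "Zero Day: Yes" in the report's table
    epss: float        # EPSS probability of exploitation within 30 days, 0.0-1.0


# Constructed sample. IDs, risk scores and zero-day flags are from the
# report's table; the EPSS values are placeholders, not real scores.
SAMPLE = [
    Finding("CVE-2024-27198", "JetBrains TeamCity", 99, True, 0.97),
    Finding("CVE-2024-23225", "Apple iOS / iPadOS / macOS", 99, True, 0.02),
    Finding("CVE-2023-48788", "Fortinet FortiClient EMS", 99, True, 0.90),
    Finding("CVE-2024-21899", "QNAP QTS", 79, False, 0.30),
    Finding("CVE-2024-22252", "VMware ESXi / Workstation / Fusion", 79, False, 0.0004),
    Finding("CVE-2024-27199", "JetBrains TeamCity", 79, True, 0.50),
]

EPSS_HIGH = 0.10          # assumed threshold: ~10% chance of exploitation in 30 days
CRITICAL_RISK = 90        # assumed cut-off for the report's risk score
TIER_ORDER = {"P1": 0, "P2": 1, "P3": 2}


def triage_tier(f: Finding) -> str:
    """Assign a patch tier.

    P1: exploited as a zero-day, or high EPSS on a critical-risk finding.
    P2: high EPSS or critical risk score (only one of the two), no zero-day.
    P3: everything else, handled on the routine patch cadence.
    """
    high_epss = f.epss >= EPSS_HIGH
    critical = f.risk_score >= CRITICAL_RISK
    if f.zero_day or (high_epss and critical):
        return "P1"
    if high_epss or critical:
        return "P2"
    return "P3"


def prioritize(findings):
    """Order findings for patching: tier first, then EPSS, then risk score."""
    return sorted(
        findings,
        key=lambda f: (TIER_ORDER[triage_tier(f)], -f.epss, -f.risk_score),
    )


def epss_range_percent(findings):
    """Lowest and highest EPSS score in percent, the way the report quotes them."""
    scores = [f.epss for f in findings]
    return round(min(scores) * 100, 2), round(max(scores) * 100, 2)


def fetch_epss(cves):
    """Live lookup against FIRST's public EPSS API (needs network access; not
    called anywhere in this file so the example runs offline)."""
    url = "https://api.first.org/data/v1/epss?cve=" + ",".join(cves)
    with urllib.request.urlopen(url, timeout=10) as resp:
        payload = json.load(resp)
    return {row["cve"]: float(row["epss"]) for row in payload["data"]}


if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{triage_tier(f)}  {f.cve:<15} EPSS {f.epss:7.2%}  risk {f.risk_score}  "
              f"zero-day {'yes' if f.zero_day else 'no'}  {f.product}")
    lo, hi = epss_range_percent(SAMPLE)
    print(f"EPSS range across sample: {lo}% to {hi}%")
```

The zero-day flag outranks everything else on purpose: a low EPSS score for a bug Apple says "may have been exploited" reflects limited public data, not low urgency, which is why the tiering treats in-the-wild exploitation as a hard override rather than another weighted term.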

Recommended Actions

Enhanced Cybersecurity Measures: Urgent reinforcement of cybersecurity protocols, including
regular updates, patches, and securing critical systems against known vulnerabilities.

Heightened Vigilance: Continuous monitoring of networks and systems, particularly in critical
sectors like government, defense, healthcare, and finance.

Employee Awareness Training: Educate employees on cybersecurity best practices, including
password hygiene, phishing awareness, and device security.

Incident Response Planning: Develop robust incident response plans to minimize damage in
case of a cyber attack or breach.

Dark Web Monitoring: Continuous monitoring of Dark Web channels for potential data leaks,
threats, or indications of upcoming attacks.

This threat intelligence report highlights the critical need for proactive measures to defend
against a diverse range of cyber threats emanating from various threat actors, emphasizing
the importance of cybersecurity preparedness and resilience across industries and
government sectors.

Please note that the information provided is based on available data and intelligence
reports. For comprehensive threat intelligence and mitigation strategies, please reach out to
the Foresiet Threat Intelligence team.

Foresiet Integrated Digital Risk Protection (IDRP)
(One-Click Plug and Play IDRP Solution)

[Diagram: Integrated Digital Risk Protection (IDRP) and its six components, described below]

Digital Risk Protection: Real-time digital risk monitoring to secure operations from unseen
threats.

Brand Protection: Powerful surveillance to deter intellectual property theft and protect brand
integrity.

Attack Surface Management: Comprehensive attack surface management to reduce exposure and
seal off vulnerabilities.

Threat Intelligence: Advanced threat analytics to gain unparalleled foresight and outsmart
potential cyber attacks.

Compliance & Third-party Assessment: Thorough assessments to ensure impeccable standards
within the organization and across the entire vendor network.

Anti-Phishing Shield: Proactive phishing defense system to ward off deceptive threats and keep
communications and data secure.

Foresiet's Integrated Digital Risk Protection (IDRP) solution is your one-stop shop for cyber defense. It
scans the deep and dark web for threats to your brand, identifies vulnerabilities in your IT infrastructure,
and assesses the cybersecurity posture of your vendors. Plus, it shields your employees from phishing
attacks and protects your online reputation from impersonation and counterfeiting. In short, Foresiet
IDRP gives you 360-degree visibility and protection against today's most sophisticated cyber threats.

Contact us: +91 8169451052 | info@foresiet.com
