mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
[threat-actors] Add UNC5820
parent
d9f98b52da
commit
f74560c80f
1 changed files with 10 additions and 0 deletions
|
@ -17061,6 +17061,16 @@
|
||||||
},
|
},
|
||||||
"uuid": "8bd29f1a-ea33-49c2-a783-42cd2a193f83",
|
"uuid": "8bd29f1a-ea33-49c2-a783-42cd2a193f83",
|
||||||
"value": "OverFlame"
|
"value": "OverFlame"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "UNC5820 is a threat actor exploiting the CVE-2024-47575 vulnerability in Fortinet's FortiManager, allowing them to bypass authentication and execute arbitrary commands. They have been observed exfiltrating configuration data, user information, and FortiOS256-hashed passwords from managed FortiGate devices. While the actor has staged and exfiltrated sensitive data, there is currently no evidence of lateral movement or further compromise of additional environments. Mandiant has not determined whether UNC5820 is state-sponsored or identified its geographic location.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "e13e36e7-a75b-42fa-8d51-35f9eeafebfc",
|
||||||
|
"value": "UNC5820"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 318
|
"version": 318
|
||||||
|
|
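Review bot: The cluster's `"version": 318` at the end of the hunk is unchanged context on both sides, although the commit appends a new UNC5820 entry. If consumers only re-import a cluster when its version number increases (which appears to be how MISP galaxy updates are gated; worth confirming), the new actor would not reach them until a later bump, so consider `"version": 319` in the same commit. The description's "there is currently no evidence of lateral movement" is a point-in-time statement taken from the single referenced report; wording such as "at the time of the report, no evidence of lateral movement had been observed" would stay accurate as the entry ages. The enclosing array and cluster object begin outside the hunk, so conformance with the other entries' fields cannot be judged from here.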