Cyber Threat Report: 'Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research'
Report Author | Check Point Research |
---|---|
Publication Date | 2024-03-08 |
Original Reporting | Source |
Related Intrusion Sets | Magnet Goblin |
Identified CVEs | CVE-2024-21887, CVE-2024-21888, CVE-2023-48365, CVE-2023-41265, CVE-2024-21893, CVE-2023-46805, CVE-2022-24086, CVE-2023-41266 |
This blog post from Check Point Research describes a campaign targeting Ivanti, Magento, Qlik Sense and possibly Apache ActiveMQ systems, which it attributes to the Magnet Goblin intrusion set. According to the report, Magnet Goblin uses '1-day' vulnerabilities and deploys tools including a Linux version of the NerbianRAT malware, WARPWIRE (a JavaScript credential stealer), MiniNerbian (a small Linux backdoor) and Windows remote monitoring and management (RMM) tools. The report provides technical analysis of the different parts of the campaign and also includes indicators of compromise (IoCs).