TechNadu is sharing images from a reported Babuk cyberattack on Japanese power tool maker Yamabiko, which has not yet issued a statement on the attack. The threat actors claim to have stolen 0.5 TB of sensitive data and are already leaking some of the documents. An expert from Blue Hexagon offers comments.
<p>Due to the deluge of new CVEs this year, attackers have now started attacking company infrastructure as an entry point rather than the usual first vectors of phishing users, finding leaked credentials or open RDP. For example, a new zero-day <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-22893" target="_blank" rel="noopener">CVE-2021-22893</a> was used along with old bugs in Pulse Secure VPNs by state-sponsored attackers to compromise several government agencies and corporations with 12 malware strains. It appears that in this attack as well, attackers may have used a VPN as an entry point to gain a foothold. Such infection methods circumvent prevention-based perimeter defenses like firewalls and necessitate the use of network detection and response to find attack traces that signature-based technologies miss.</p>