🚨 Threat Campaign Alert: Adobe ColdFusion CVE-2023-26360 is exploited by Threat Actors for Initial Access to Government Servers 🚨 Threat Actor: Unknown Exploited CVEs: CVE-2023-26360 (CVSS 9.8) Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability. Target Industries: Government Impact: Successful exploitation could result in Initial Access to the victim network with elevated privileges. Action: Upgrade all versions affected by this vulnerability. Threat Management Folks can utilize the IOCs, and TTPs to detect and proactively hunt against the subjected threat activities. IOCs_Sha1: b6818d2d5cbd902ce23461f24fc47e24937250e6 IOCs_MD5: ba69669818ef9ccec174d647a8021a7b IOCs_Sha256: a3acb9f79647f813671c1a21097a51836b0b95397ebc9cd178bc806e1773c864 MITRE TTPs: T1190,T1059.007,T1505.003,T1484.001,T1036.005,T1036.008,T1070.004,T1140,T1564.001,T1003.001,T1003.002,T1016.001,T1046,T1082,T1083,T1087.001,T1087.002,T1482,T1518,T1071.001,T1105 Reference: This research insights has been released by the Cybersecurity and Infrastructure Security Agency (CISA). --------------------------------------------------------------------------------------- 🚀Join us on our mission to secure the digital world and make cyber defense affordable to everyone! 🌐 Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights. #AdobeColdFusion #CVEExploit #InitialAccess #CISA #ThreatCampaign #Cyberattacks #CyberSecurity 🛡️🔒
