
Rewterz Threat Alert – Pioneer Kitten APT Sells Corporate Network Access, Exploits Vulnerabilities

September 4, 2020

Severity

High

Analysis Summary

Pioneer Kitten is an Iranian APT group that has been observed selling corporate-network credentials on hacker forums. The group uses open-source tools to compromise exposed remote services and relies on SSH tunnelling, through the open-source tool Ngrok and a custom tool called SSHMinion, to gain access to its targets. The following vulnerabilities have been observed being exploited by this group.

CVE-2020-5902

This vulnerability allows unauthenticated attackers, or authenticated users, with network access to the TMUI (the Traffic Management User Interface, i.e. the BIG-IP Configuration utility) through the BIG-IP management port and/or Self IPs to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. Successful exploitation may result in complete system compromise. BIG-IP systems in Appliance mode are also vulnerable. The issue is not exposed on the data plane; only the control plane is affected.

CVE-2019-11510

A remote, unauthenticated attacker may be able to compromise a vulnerable Pulse Secure VPN server. The attacker may be able to obtain the list of active users together with their plaintext credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server. This vulnerability has already been exploited in the wild.

CVE-2019-19781

An unauthenticated directory-traversal vulnerability in Citrix Application Delivery Controller (ADC), Citrix Gateway and Citrix SD-WAN WANOP appliances that leads to arbitrary code execution. This vulnerability has already been exploited in the wild.

Impact

  • Credential Theft
  • Unauthorized Access

Remediation

Refer to the previous advisories on these vulnerabilities and make sure all affected products have been patched. Because CVE-2019-11510 exposes plaintext credentials, patching alone does not invalidate credentials that were already taken: reset VPN user and service-account passwords for any Pulse Secure server that was internet-exposed while unpatched, and review logs on all three product types for exploitation attempts that predate the patch.

  • https://www.rewterz.com/rewterz-news/rewterz-threat-advisory-multiple-vulnerabilities-in-f5s-big-ip-allow-full-system-compromise
  • https://www.rewterz.com/threats/rewterz-threat-advisory-cve-2019-11510-continued-exploitation-of-pulse-secure-vpn-vulnerability
  • https://www.rewterz.com/rewterz-news/rewterz-threat-advisory-cve-2019-19781-citrix-patches-flaw-in-citrix-adc-11-1-and-12-0
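As an added check (not part of the original advisory), the following Python script scans combined-format web access logs from the affected appliances for the request-path patterns publicly associated with these three CVEs, so exposure before patching can be reviewed. The entries in SIGNATURES are assumptions taken from the vendors' public mitigation guidance (F5's advice to block "..;" in TMUI URIs, Citrix's responder policy on "/vpns/" paths containing "/../", and the Pulse Secure traversal from /dana-na/ into /dana/), not from this advisory; the sample log lines are constructed. A hit is an exploitation attempt worth investigating, not a confirmed compromise, and these patterns do not cover every bypass variant.

```python
import re
from urllib.parse import unquote

# ASSUMED request-path signatures for the three CVEs named in the advisory,
# taken from each vendor's public mitigation guidance, not from this advisory.
# Every substring must appear in the decoded, lower-cased request path.
SIGNATURES = {
    # F5 told customers to block "..;" in TMUI request URIs
    "CVE-2020-5902": ("/tmui/", "..;"),
    # Pulse Secure traversal out of /dana-na/ into /dana/
    "CVE-2019-11510": ("/dana-na/../dana/",),
    # Citrix told customers to block /vpns/ requests that also contain "/../"
    "CVE-2019-19781": ("/vpns/", "/../"),
}

# Apache/NGINX combined log: client IP first, timestamp in brackets,
# then the quoted request line "METHOD PATH PROTOCOL".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*"'
)


def normalise_path(path, rounds=3):
    """Percent-decode repeatedly (catches double encoding) and lower-case."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def match_cves(path):
    """Return the CVE IDs whose signature substrings all occur in the path."""
    p = normalise_path(path)
    return [cve for cve, parts in SIGNATURES.items() if all(s in p for s in parts)]


def scan_log(lines):
    """Return one hit dict per (line, CVE) pair; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for cve in match_cves(m["path"]):
            hits.append({"cve": cve, "ip": m["ip"], "ts": m["ts"], "path": m["path"]})
    return hits


# Constructed sample log lines (not from the advisory), using RFC 5737 test
# addresses. Lines 4 and 6 are benign traffic to the same products.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Sep/2020:10:01:12 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 1234 "-" "curl/7.64.1"
203.0.113.7 - - [04/Sep/2020:10:02:44 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 2048 "-" "python-requests/2.22"
203.0.113.9 - - [04/Sep/2020:10:03:01 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [04/Sep/2020:10:04:19 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.3 - - [04/Sep/2020:10:05:00 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 300 "-" "curl/7.64.1"
198.51.100.4 - - [04/Sep/2020:10:06:30 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{h["ts"]}  {h["ip"]:<14} {h["cve"]:<15} {h["path"]}')
```

Run it against the real access logs (`scan_log(open(path))`) rather than the embedded sample; the percent-decoding loop exists because the encoded form of a traversal (`%2e%2e`, or `%252e%252e` when double-encoded) is what an appliance logs verbatim, and matching only the literal `../` would miss it.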
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.