Welcome to the Threat Landscape Update Report for January 2024.

This month's report covers a range of critical cybersecurity incidents, including zero-day vulnerabilities in Ivanti Connect Secure VPN appliances, Russian state actors compromising Microsoft and HP Enterprise, and a spike in Akira ransomware activity targeting the Nordics.

The January report covers:

  • Multiple zero-day vulnerabilities in Ivanti Connect Secure VPN appliances
  • Compromise of Microsoft and HP Enterprise by Russian state actors
  • Spike in Akira ransomware activity targeting the Nordics
  • Vulnerabilities in GitLab and GitHub, raising concerns about CI/CD pipeline supply chain attacks
  • Attacks by hacktivist groups with significant impacts
  • Security failures leading to outages for Orange Spain

These issues underscore the diverse and evolving nature of cybersecurity threats faced by organizations in January 2024.

  1. Multiple zero-day vulnerabilities in Ivanti Connect Secure VPN appliances:
    • Researchers identified two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances that, chained together, allowed unauthenticated remote code execution
    • Threat actors exploited the vulnerabilities to deploy custom webshells, download and execute payloads, and move laterally within victim networks
    • Ivanti released a mitigation tool, but a patch was not available until later in January, and a configuration push could deactivate the mitigation, leaving devices vulnerable again
  2. Compromise of Microsoft and HP Enterprise by Russian state actors:
    • Russian state actors compromised Microsoft and HP Enterprise, with data exfiltration occurring since at least May 2023
    • The attackers accessed the email inboxes of individuals in cybersecurity and other functions, raising concerns about the extent of data exfiltration and the potential impact on operations
  3. Spike in Akira ransomware activity targeting the Nordics:
    • Akira ransomware activity increased in the Nordics, impacting multiple significant Swedish entities
    • The spike highlights the persistent threat that ransomware poses to organizations in the region
  4. Vulnerabilities in GitLab and GitHub:
    • Multiple vulnerabilities in GitLab and GitHub raised concerns about CI/CD pipeline supply chain attacks
    • The prevalence of these vulnerabilities underscores the importance of securing software development and deployment pipelines against supply chain attacks
  5. Attacks by hacktivist groups:
    • Hacktivist groups conducted attacks with significant impacts, surpassing their usual scope of influence
    • The attacks demonstrate the evolving tactics and capabilities of hacktivist groups targeting organizations for a variety of motives
  6. Security failures leading to outages for Orange Spain:
    • Security failures resulted in outages for Orange Spain, highlighting the potential consequences of cybersecurity incidents for critical services
    • The outages are a reminder of the importance of robust cybersecurity measures in maintaining operational resilience

Be Ahead of the Game!

Stay informed about the latest cybersecurity threats and trends by subscribing to WithSecure's monthly threat highlights report!

Our comprehensive report provides an overview of last month's cybersecurity news, the changing threat landscape, and relevant advice.

Don't miss out on valuable insights - fill out the form to receive our report now!

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.