Threat Advisories

Exploitation of Follina leads to takeover of domain controller

November 4, 2022

Threat Level

Red

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

The recent incident is related to TA570, wherein the attackers exploited the Follina vulnerability (CVE-2022-30190) to compromise the Domain Controller and eventually gain access to confidential files.

APT10 distributes LODEINFO malware to deploy infection chains

Threat actors buy new BlueFox Stealer to exfiltrate data