groups G0123 — Search

US Exploit Public-Facing Application, Technique T1190 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v15/techniques/T1190

…(CVE-2021-26855) to compromise Exchange Servers at multiple organizations. [78] G0123 Volatile Cedar Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery. [79] [80] G1017 Volt Typhoon Volt Typhoon gained initial access th…

2026-04-25 20:55 View archive →

US Exploit Public-Facing Application, Technique T1190 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1190

…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. CISA. (2023, December 18). #StopRansomware: Play Ransomware AA23-352A. Retrieved September 24, 2024. Trend Micro Research. (2023, July 21). Ransomware Spotlight: Pla…

2026-04-24 13:44 View archive →

US Exploit Public-Facing Application, Technique T1190 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v16/techniques/T1190

…since identified as CVE-2024-39717, for initial access and code execution. [88] G0123 Volatile Cedar Volatile Cedar has targeted publicly facing web servers, with both automatic and manual vulnerability discovery. [89] [90] G1017 Volt Typhoon Volt Typhoon has gained initial acces…

2026-04-26 02:41 View archive →

US Server Software Component: Web Shell, Sub-technique T1505.003 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/techniques/T1505/003

…sulted in the deployment of the VersaMem web shell for follow-on activity. [74] G0123 Volatile Cedar Volatile Cedar can inject web shell code into a server. [75] [76] G1017 Volt Typhoon Volt Typhoon has used webshells, including ones named AuditReport.jspx and iisstart.aspx, in c…

2026-04-25 06:00 View archive →

US Ingress Tool Transfer, Technique T1105 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v16/techniques/T1105

…0257 VERMIN VERMIN can download and upload files to the victim's machine. [518] G0123 Volatile Cedar Volatile Cedar can deploy additional tools. [112] S0180 Volgmer Volgmer can download remote files and additional payloads to the victim's machine. [519] [520] [521] G1017 Volt Typ…

2026-04-26 01:30 View archive →

US Ingress Tool Transfer, Technique T1105 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1105

…urveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017. Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia a…

2026-04-24 13:45 View archive →

US Ingress Tool Transfer, Technique T1105 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/techniques/T1105

…217 VIRTUALPITA VIRTUALPITA has the ability to upload and download files. [580] G0123 Volatile Cedar Volatile Cedar can deploy additional tools. [122] S0180 Volgmer Volgmer can download remote files and additional payloads to the victim's machine. [581] [582] [583] G1017 Volt Typ…

2026-04-25 15:32 View archive →

US Ingress Tool Transfer, Technique T1105 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v10/techniques/T1105

…0257 VERMIN VERMIN can download and upload files to the victim's machine. [371] G0123 Volatile Cedar Volatile Cedar can deploy additional tools. [76] S0180 Volgmer Volgmer can download remote files and additional payloads to the victim's machine. [372] [373] [374] S0579 Waterbear…

2026-04-26 07:40 View archive →