The attackers claim to have a data sample available for evaluation, which can be accessed for $200 USD.
The alert was prompted by the sale of RDP access to various European and American organizations on behalf of Jacksparrow, a member of the top-level Ramp forums.
SOPHOS – Chinese State-Sponsored High-Value Adversaries Are Exploiting Zero-Day Vulnerability in Sophos Firewalls
The exchange of artifacts and exploitation techniques for the CVE-2022-1040 vulnerability continues to grow.
We are seeing a significant increase in the sharing of artifacts and exploitation techniques targeting CVE-2022-1040. Most of the actors involved are Chinese state-sponsored.
On May 12, 2022, threat hunter @0xrb stated that he had observed a malware sample from the Miori botnet that contained scan code targeting CVE-2022-1388, a vulnerability in F5 BIG-IP devices. Malware from the Miori botnet has been linked to attacks exploiting the ThinkPHP framework bug in 2018, according to open source reports.
On Tuesday, March 23, the FBI announced considerations and concerns about the growth of Mamba ransomware attacks against government and private sector organizations.