The Lorenz security threat group has been targeting corporate networks across the U.S., China, and Mexico in an ongoing ransomware campaign since early 2021. Leveraging a critical security flaw in Mitel MiVoice Connect appliances, tracked as CVE-2022-29499, the adversaries aim to obtain persistence within a compromised network. This RCE vulnerability was first discovered in April and patched three months later.
Currently, more than 19,000 devices remain vulnerable to these exploitation attempts.
The rule kit is aligned with the MITRE ATT&CK® framework v.10 and has translations for 26 SIEM, EDR & XDR platforms.
In an era when the ever-growing threat of cyber-attacks shapes the world, we promote the paramount importance of timely threat detection and offer scalable solutions to gain visibility into the threats relevant to your security needs, based on the ATT&CK framework. To effortlessly search for related threats and instantly delve into contextual metadata, such as CTI and ATT&CK references, click the Explore Detections button and drill down to relevant search results using SOC Prime’s search engine for Threat Detection, Threat Hunting, and CTI.
Research data shows that adversaries use companies’ phone systems for initial access to their corporate networks. Interestingly, the documented attacks show a one-month gap between the initial system breach and the beginning of the post-exploitation activity. For data exfiltration, the Lorenz ransomware gang used the FileZilla FTP tool.
This criminal group has earned a reputation for high-profile attacks, leaving their victims’ wallets thinner by acquiring millions in ransom payments. The Lorenz group launches double-extortion attacks, publishing stolen data on its website or selling it to third parties.
In August, we introduced some significant improvements to SOC Prime’s Threat Bounty Program. Kudos to our top 5 most popular Threat Bounty contributors (content-based rating):
Learn more about the cyber world’s most prolific detection content developer program and secure your place among industry leaders with SOC Prime.