Multiple researchers and CISA have confirmed active exploitation of the maximum-severity defect. Fortra, the company behind the file-transfer service, remains silent.
The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.
Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.
Okta Threat Intelligence uncovered a large-scale and sustained operation, reflecting the North Korean regime’s pursuit of any opportunity that allows for remote employment.
Phantom Taurus has stolen sensitive data from ministries of foreign affairs, embassies, diplomats and telecom networks in the Middle East, Africa and Asia, researchers said.
OpenAI and Anthropic said they turned over their models to government researchers, who found an array of previously undiscovered vulnerabilities and attack techniques.
Fortra, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.
Cisco said it was investigating state-sponsored espionage attacks in May. CISA did not explain why it waited four months to issue an emergency directive.