The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

The spyware poses as popular apps like TikTok, and may break free of Russian borders at some point, the researchers say.

Scott Montgomery, VP of Federal, Island

The security vendor’s customers have confronted a barrage of actively exploited defects since 2021. The brute-force attack on a company-controlled system underscores broader security pitfalls are afoot.

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.

The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.

The campaign involves apps posing as Signal and the defunct ToTok, according to ESET.

Okta Threat Intelligence uncovered a large-scale and sustained operation, reflecting the North Korean regime’s pursuit of any opportunity that allows for remote employment.

Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage.