Tenable comments on ongoing cyber espionage campaign
The Federal Office for the Protection of the Constitution (BfV) has published a press release about an “ongoing cyber espionage campaign” by the advanced persistent threat (APT) actor APT27 against German companies. The BfV provides further details in a cyber letter, which states that APT27 has exploited several vulnerabilities to gain initial access to the targeted German companies.
Satnam Narang, Staff Research Engineer at cybersecurity provider Tenable, commented:
“The warning from the Federal Office for the Protection of the Constitution (BfV) on the ongoing attacks by APT27 on German companies is a fresh reminder that known but unpatched vulnerabilities are one of the biggest threats to companies today. In the past, advanced persistent threat (APT) groups paid for their zero-day exploits or developed them themselves to attack companies. However, in recent years they have had great success exploiting unpatched vulnerabilities, mainly because exploit scripts are readily available in public repositories.
The vulnerabilities exploited by APT27 include several critical vulnerabilities in Microsoft Exchange Server related to ProxyLogon, which were exploited en masse in March 2021. In addition, APT27 exploits a critical vulnerability in the Zoho ManageEngine ADSelfService Plus software, which was deployed against targets in the United States in September 2021. Companies that rely on Microsoft Exchange Server or Zoho ManageEngine ADSelfService Plus should identify the vulnerabilities in their environment and patch them immediately.”