A new threat actor group, known as Magnet Goblin, has been identified as rapidly exploiting recently disclosed vulnerabilities to target public-facing servers and edge devices, according to a warning issued by Check Point. The group has been active since at least January 2022 and has been exploiting unpatched Ivanti Connect Secure VPN, Magento, Qlik Sense, and potentially Apache ActiveMQ servers to gain unauthorized access.

In a recent Ivanti Connect Secure exploitation campaign, Magnet Goblin deployed a Linux version of a malware called NerbianRAT and a JavaScript credential stealer named WARPWIRE. Their arsenal also includes MiniNerbian, a small Linux backdoor, and various RMM tools for Windows. Once unauthorized access is gained through vulnerable servers, the threat actor deploys NerbianRAT and MiniNerbian to execute arbitrary commands and exfiltrate data from compromised hosts.

The campaign appears to be financially motivated, with a focus on areas that are typically left unprotected. The group’s use of 1-day vulnerabilities and custom Linux malware indicates a trend of targeting previously vulnerable edge devices for financial gain.

This serves as a reminder of the importance of robust cybersecurity defenses against evolving threats. It highlights the critical necessity of timely patching and continuous monitoring to safeguard against groups like Magnet Goblin. Other recent threats, such as the North Korean Kimsuky APT group’s exploitation of vulnerabilities in ConnectWise ScreenConnect software and the hacking group UAC-0184’s campaign using steganography to deliver the Remcos RAT, further underscore the need for vigilance.

Fabio

Full Stack Developer
