Introduction

The kit, named persuasion, is designed to give ciber criminals a way to launch a fishing campaign relatively easily and with little up front effort. The scheme involves potential victims receiving a well crafted spear fishing email with a non malicious p d f attachment purporting to be a microsoft file sharing notification. For six months the threat actor has been exploiting a zero day vulnerability in fat pipes, virtual private network devices as a way to breach companies. According to the alert, the flaw allowed a p t actors to exploit a file upload function in the devices firm ware to install a web shell with root access which led to elevated privileges.

Play episode from 00:00

Transcript

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

Get the app