Select Page

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems.

These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents.

This vulnerability enables unauthorized attackers to execute malicious code with the SYSTEM user’s privileges, granting them unrestricted access to compromised systems.

The TrueBot malware, linked with cybercriminal collectives Silence and FIN11, is deployed to siphon off data and disseminate ransomware, jeopardising the safety of numerous infiltrated networks.

images from Hacker News