Zeljka Zorz reports:
Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might otherwise linger undetected for months.
A double whammy
In a recently published report, threat researchers at Positive Technologies have detailed the findings of their investigation into two incidents at Russian companies, which they have tied to:
- QuietCrabs, a threat actor believed to be of Asian origin and concentrating on cyber espionage, and
- Thor, a threat group that has been targeting Russian companies with LockBit and Babuk ransomware.
Both groups exploited publicly known vulnerabilities in Microsoft SharePoint Server (CVE-2025-53770) and Ivanti’s solutions (CVE-2024-21887, CVE-2025-4427, CVE-2025-4428, CVE-2023-38035) to achieve initial access.
Read more at Help Net Security.