Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Volexity Profile picture
Volexity
@Volexity
A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
Oct 5, 2022 8 tweets 5 min read
A recent post by Vietnamese cybersecurity company GTSC detailed findings from a #MicrosoftExchange breach that stemmed from CVE-2022-41040 and CVE-2022-41082. @Volexity ties this to a CN threat actor it tracks that targets organizations using #OWA and #Zimbra.
#volexintel 1/7 Specifically the post highlights IP 206.188.196.77, which hosted the domain rkn-redirect[.]net. @Volexity previously identified this domain as a phishing domain targeting #OWA users. Note some subdomains offer clues about the likely targeting.
2/7