Volexity Profile picture
A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
Oct 5, 2022 8 tweets 5 min read
A recent post by Vietnamese cybersecurity company GTSC detailed findings from a #MicrosoftExchange breach that stemmed from CVE-2022-41040 and CVE-2022-41082. @Volexity ties this to a CN threat actor it tracks that targets organizations using #OWA and #Zimbra.
#volexintel 1/7 Specifically the post highlights IP 206.188.196.77, which hosted the domain rkn-redirect[.]net. @Volexity previously identified this domain as a phishing domain targeting #OWA users. Note some subdomains offer clues about the likely targeting.
2/7