New Cyber Threat emerges and seeks targets with remote access services and exposed databases.

Updated: Apr 24


A new and worrying threat has recently emerged. It was detected and mapped on our threat intelligence network, HackNet: "we have identified a new cyber threat, originating from the company Pulsar Software Limited."


Our analysis revealed that "Pulsar Software Limited" is conducting malicious activities originating in Singapore, Japan, the United States, Ireland and Hong Kong, with targets spread across the world. These attacks are mainly focused on remote access services such as SSH, Telnet and MS Terminal Service (RDP), as well as file access services such as SMB/CIFS and FTP.

Additionally, we see a focus on databases such as MS SQL Server and MySQL, as well as user management and authentication protocols such as UAAC.

Scans for SSDP (service discovery protocol) were also detected.

The group was also observed searching for HTTPS services.


This new threat poses a risk to companies around the world, especially those that need to expose remote access and data storage services. It is of great importance that all organizations are aware of these malicious activities and act quickly to protect their networks and data against potential compromises.


The actors are using IP address blocks linked to ASN 16509, a large Autonomous System assigned to "Amazon.com, Inc."

To help mitigate this threat, security analysts can block the following IP address blocks:


  • 178.236.235.0/24

  • 185.2.49.0/24

  • 185.2.50.0/23

  • 185.200.208.0/22

  • 188.130.224.0/22

  • 46.8.100.0/22

  • 46.8.195.0/24

  • 46.8.198.0/24
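Before or after applying the blocks, it helps to know whether these ranges have already touched your perimeter and which services they probed. The following is an added example, not NetSensor's code: it matches source addresses in firewall log lines against the blocks listed above and counts hits per block and destination port. The log format (iptables-style `SRC=` and `DPT=` fields) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# CIDR blocks copied from the advisory's list above.
BLOCKS = [ipaddress.ip_network(c) for c in (
    "178.236.235.0/24", "185.2.49.0/24", "185.2.50.0/23",
    "185.200.208.0/22", "188.130.224.0/22", "46.8.100.0/22",
    "46.8.195.0/24", "46.8.198.0/24",
)]

# Constructed sample lines (assumed iptables-style fields, not real traffic).
# Destinations and the unrelated source use RFC 5737 documentation ranges.
SAMPLE_LOG = """\
IN=eth0 SRC=185.2.51.17 DST=192.0.2.10 PROTO=TCP DPT=22
IN=eth0 SRC=185.2.51.17 DST=192.0.2.10 PROTO=TCP DPT=22
IN=eth0 SRC=46.8.103.200 DST=192.0.2.10 PROTO=TCP DPT=3389
IN=eth0 SRC=46.8.104.5 DST=192.0.2.10 PROTO=TCP DPT=3389
IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443
IN=eth0 SRC=185.200.211.9 DST=192.0.2.11 PROTO=UDP DPT=1900
IN=eth0 SRC=999.1.1.1 DST=192.0.2.10 PROTO=TCP DPT=445
"""

FIELDS = re.compile(r"\bSRC=(\S+).*?\bDPT=(\d+)")

def match_block(addr):
    """Return the listed network containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed address in the log line
        return None
    return next((net for net in BLOCKS if ip in net), None)

def scan(log_text):
    """Count hits per (listed block, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if m is None:
            continue
        net = match_block(m.group(1))
        if net is not None:
            hits[(str(net), int(m.group(2)))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (block, port), count in sorted(scan(SAMPLE_LOG).items()):
        print(f"{block:<18} dport={port:<5} hits={count}")
```

The sample includes a near miss (46.8.104.5, just outside 46.8.100.0/22) and a malformed address, neither of which is counted.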


Additionally, it is essential to review the exposure of network services, default credentials, weak passwords, and unauthenticated access.

We strongly recommend activating multi-factor authentication on all possible services, thus increasing access security and reducing the likelihood of successful cyber attacks.


At NetSensor, we emphasize the importance of collaboration between businesses and the cybersecurity community to effectively combat threats like this. By sharing information and implementing security best practices, we can strengthen our security posture and mitigate the risks associated with cyberattacks.


We will continue to closely monitor this situation and provide updates as necessary. Together, we can face this cyber threat and protect our networks, our data and, above all, people.
