"Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign"

A campaign called "Bleed You" is attempting to exploit a known Remote Code Execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions, and over 1,000 systems are unpatched and vulnerable. According to a new report from Cyfirma, the critical flaw, tracked as CVE-2022-34721, has been under active attack since September, affecting vulnerable Windows OS and Windows Server systems, as well as Windows protocols and services. Once a system is compromised, the threat actors move laterally to deploy ransomware and other malware. According to Cyfirma, the threat actors speak Mandarin but also have ties to Russian cybercriminals. The attacks are not limited to a specific sector, with targets including retail, government, Information Technology (IT) services, and more. Victims were also dispersed across Canada, the UK, and the US. This article continues to discuss the targeting of a critical RCE vulnerability in Windows IKE Protocol Extensions in a malicious campaign known as Bleed You.

Dark Reading reports "Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign"

Submitted by Anonymous on