This joint advisory provides information—including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)—on Maui ransomware obtained from FBI incident response activities and industry analysis of a Maui sample.
APT actors have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.
Entities can mitigate the vulnerabilities listed in the advisory by applying the available patches to their systems, replacing end-of-life infrastructure, and implementing a centralized patch management program.
Malicious actors commonly use various techniques, including exploits of public-facing applications, external remote services, phishing, trusted relationship, and valid accounts, to gain initial access to victim networks.
Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms.