An analysis of criminal forums revealed information regarding top trending Common Vulnerabilities and Exposures (CVEs) among cybercriminals. According to researchers, criminal discussions in underground forums reveal information about the most talked-about CVEs.

Analysis of CVEs

The below analysis by Cognyte is an outcome of examining 15 cybercrime forums from January 2020 to March 2021.
  • The top six, also the most famous among cybercriminals, CVEs are CVE-2020-1472 (aka ZeroLogon), CVE-2020-0796 (aka SMBGhost), CVE-2019-19781, CVE-2019-0708 (aka BlueKeep), CVE-2017-11882, and CVE-2017-0199.
  • According to the report, most of the discovered CVEs were exploited by nation-state hackers and cybercriminals; for example, ransomware gangs and global attack campaigns aimed at different industries.
  • The researchers discovered that ZeroLogon, SMBGhost, and BlueKeep were among the most talked-about vulnerabilities among cybercriminals between January 2020 and March 2021.
  • Moreover, a nine-year-old CVE-2012-0158 was exploited during the onset of the COVID-19 pandemic, which manifests that organizations are still lagging behind in taking these threats seriously.

Recent exploit incidents

The above-mentioned vulnerabilities have been used by several attackers to target their victims in the past few months.
  • In May, APT29, the threat actors allegedly associated with the Russian Foreign Intelligence Service, were observed leveraging several vulnerabilities, including the Citrix flaw CVE-2019-19781, to target its victims.
  • In April, Prometei, a persistent cryptocurrency mining botnet was observed exploiting Microsoft Exchange vulnerabilities—CVE-2021-27065 and CVE-2021-26858—to target victim networks to install malware.
  • Around the same time, a new Chinese APT Backdoor PortDoor was observed exploiting several vulnerabilities in Microsoft’s Equation Editor, including CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802.


The recent analysis provides another great insight into cybercriminals’ interest in the CVEs. This information could help organizations to identify flaws exploited in the wild and help security professionals address the potential weaknesses by applying appropriate security patches.

Cyware Publisher