Taggart on Nostr
npub1623w6tvcc3ghmsdeh7qgdvs9apsksy3xze59squ87909u5y5cqzqmvkfjx I am a threat hunter, not an intel analyst; however, I would point out a couple of things here.
First, MOVEit exploiters were mostly ransomware actors, who will buy 0-days, but not necessarily develop them.
There's a temporal component here as well. I'd have to check the numbers, and it's still early, but it doesn't seem like there's a massive uptick in network device 0-days being released since MOVEit, which makes sense, given the amount of R&D a brand new 0-day usually takes to develop.
It's also the case that cl0p et al. were not specifically targeting tech companies with MOVEit.
I suppose it's possible that successful compromise of some vendors led to the discovery of undisclosed critical vulns, but that seems like a rarity.
The increased development of network appliance 0-days has been business-as-usual for a while now, at least since CVE-2019-19781 (original NetScaler RCE).
Published at 2023-09-08 15:12:01
Event JSON
{
"id": "db031b2f5483c85e5891c91f0043f908d6153b15203e5eaa79d2331766dfd216",
"pubkey": "4afb3830f7c5db05d5934438779f63c3ed1401aa03a2eb0cc3cda743633aea61",
"created_at": 1694185921,
"kind": 1,
"tags": [
[
"p",
"d2a2ed2d98c4517dc1b9bf8086b205e8616812261668580387f15e5e5094c004",
"wss://relay.mostr.pub"
],
[
"p",
"acde3ea95be08c0da72a5b0645c865fb2a08b99d7b06e4801fe5d1135f9b6b1c",
"wss://relay.mostr.pub"
],
[
"e",
"c22646f308fa2f43acac9aea4f43e7c7e31178caa63d8ca5e5bdd87a7f52250b",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://infosec.town/notes/9jeav8wns13b7v24",
"activitypub"
]
],
"content": "nostr:npub1623w6tvcc3ghmsdeh7qgdvs9apsksy3xze59squ87909u5y5cqzqmvkfjx I am a threat hunter, not an intel analyst, however I would point out a couple things here.\n\nFirst, MOVEIt exploiters were mostly ransomware actors, who will buy 0-days, but not necessarily develop them. \n\nThere's a temporal component here as well. I'd have to check the numbers, and it's still early, but it doesn't seem like there's a massive uptick in network device 0-days being released since MOVEIt, which makes sense, given the amount of R\u0026D a brand new 0-day usually takes to develop.\n\nIt's also the case that cl0p et al were not specifically targeting tech companies with MOVEIt. \n\nI suppose it's possible that successful compromise of some vendors led to the discovery of undisclosed critical vulns, but that seems like a rarity. \n\nThe increased development of network appliance 0-days has been business-as-usual for a while now—at least since CVE-2019-19781 (original Netscaler RCE).",
"sig": "75e6668de9f44960613ff2096829259c06a26d10dd4c053a20caaaf4e72bb4aa9a43207c96ab9722efac8f89e150568e834ba56849d0dfdca999483a9990c7fb"
}
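Two offline checks a practitioner can run on the event JSON above, as an added example that is not part of the original post or of the viewer that rendered it: NIP-01 says the event `id` is the SHA-256 of the compact JSON array `[0, pubkey, created_at, kind, tags, content]`, and NIP-19 says the `npub…` in the content is a bech32 encoding of a 32-byte hex pubkey, so the mention can be resolved and matched against the `p` tags. The viewer printed `&` as `\u0026`; the wire form (and so the hashed form) carries the raw character, which is what the embedded copy below uses. Note the `proxy` tag: the note was bridged from ActivityPub (https://infosec.town/notes/9jeav8wns13b7v24) by mostr.pub, so `pubkey` and `sig` belong to the bridge's key for that account, not to a key the author holds directly. Checking `sig` needs a BIP-340 Schnorr verifier over secp256k1 and is left out; only the standard library is used here.

```python
"""Added example (not the original post's or viewer's code): NIP-01 id and
NIP-19 npub checks on the event shown on the page. Standard library only."""
from __future__ import annotations

import hashlib
import json
import re

# The event as displayed on the page, with "&" in its raw wire form.
EVENT = {
    "id": "db031b2f5483c85e5891c91f0043f908d6153b15203e5eaa79d2331766dfd216",
    "pubkey": "4afb3830f7c5db05d5934438779f63c3ed1401aa03a2eb0cc3cda743633aea61",
    "created_at": 1694185921,
    "kind": 1,
    "tags": [
        ["p", "d2a2ed2d98c4517dc1b9bf8086b205e8616812261668580387f15e5e5094c004", "wss://relay.mostr.pub"],
        ["p", "acde3ea95be08c0da72a5b0645c865fb2a08b99d7b06e4801fe5d1135f9b6b1c", "wss://relay.mostr.pub"],
        ["e", "c22646f308fa2f43acac9aea4f43e7c7e31178caa63d8ca5e5bdd87a7f52250b", "wss://relay.mostr.pub", "reply"],
        ["proxy", "https://infosec.town/notes/9jeav8wns13b7v24", "activitypub"],
    ],
    "content": (
        "nostr:npub1623w6tvcc3ghmsdeh7qgdvs9apsksy3xze59squ87909u5y5cqzqmvkfjx "
        "I am a threat hunter, not an intel analyst, however I would point out a couple things here.\n\n"
        "First, MOVEIt exploiters were mostly ransomware actors, who will buy 0-days, "
        "but not necessarily develop them. \n\n"
        "There's a temporal component here as well. I'd have to check the numbers, and it's still early, "
        "but it doesn't seem like there's a massive uptick in network device 0-days being released since "
        "MOVEIt, which makes sense, given the amount of R&D a brand new 0-day usually takes to develop.\n\n"
        "It's also the case that cl0p et al were not specifically targeting tech companies with MOVEIt. \n\n"
        "I suppose it's possible that successful compromise of some vendors led to the discovery of "
        "undisclosed critical vulns, but that seems like a rarity. \n\n"
        "The increased development of network appliance 0-days has been business-as-usual for a while "
        "now\u2014at least since CVE-2019-19781 (original Netscaler RCE)."
    ),
    "sig": "75e6668de9f44960613ff2096829259c06a26d10dd4c053a20caaaf4e72bb4aa9a43207c96ab9722efac8f89e150568e834ba56849d0dfdca999483a9990c7fb",
}

BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def nip01_serialize(event: dict) -> str:
    """Canonical form that is hashed: compact JSON, non-ASCII kept raw, no extra escapes."""
    arr = [0, event["pubkey"], event["created_at"], event["kind"], event["tags"], event["content"]]
    return json.dumps(arr, separators=(",", ":"), ensure_ascii=False)


def compute_id(event: dict) -> str:
    return hashlib.sha256(nip01_serialize(event).encode("utf-8")).hexdigest()


def id_matches(event: dict) -> bool:
    """True when the event's id really is the hash of its own fields (tamper check)."""
    return compute_id(event) == event["id"]


def bech32_polymod(values: list[int]) -> int:
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        b = chk >> 25
        chk = (chk & 0x1FFFFFF) << 5 ^ v
        for i in range(5):
            chk ^= gen[i] if (b >> i) & 1 else 0
    return chk


def bech32_hrp_expand(hrp: str) -> list[int]:
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def decode_npub(npub: str) -> str | None:
    """NIP-19: bech32-decode an npub to 64 hex chars; None on bad prefix, charset or checksum."""
    npub = npub.lower()
    if not npub.startswith("npub1") or any(c not in BECH32_CHARSET for c in npub[5:]):
        return None
    data = [BECH32_CHARSET.index(c) for c in npub[5:]]
    if bech32_polymod(bech32_hrp_expand("npub") + data) != 1:  # checksum = last 6 groups
        return None
    acc, bits, out = 0, 0, bytearray()
    for v in data[:-6]:  # regroup 5-bit words into bytes, dropping the pad bits
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return out.hex() if len(out) == 32 else None


def check_mentions(event: dict) -> list[tuple[str, str | None, bool]]:
    """For each nostr:npub mention in content: (npub, decoded hex, whether a 'p' tag carries it)."""
    tagged = {t[1] for t in event["tags"] if t and t[0] == "p"}
    found = re.findall(r"nostr:(npub1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]+)", event["content"])
    return [(n, decode_npub(n), decode_npub(n) in tagged) for n in found]


if __name__ == "__main__":
    print("id matches NIP-01 serialization:", id_matches(EVENT))
    for npub, hexkey, tagged in check_mentions(EVENT):
        print(f"{npub[:12]}... -> {hexkey} p-tagged={tagged}")
```

`ensure_ascii=False` matters: the content holds an em dash, and hashing the `\uXXXX` escaped form instead of the raw UTF-8 bytes gives a different id. The mention resolves to the first `p` tag, which is how a client knows the reply is addressed to that key; a mention whose decoded key is in no `p` tag would not notify its target.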