Sifting through the spines: identifying (potential) Cactus ransomware victims
ID: 0989b152-571d-554a-adcf-9d7c42c53367
STIX ID: report--0989b152-571d-554a-adcf-9d7c42c53367
Feed Name: Fox-IT blog
The report describes an active Cactus ransomware campaign exploiting multiple Qlik Sense vulnerabilities (including ZeroQlik and DoubleQlik CVEs). Researchers used product-info.json fingerprinting to identify exposed Qlik servers, finding 5,205 internet-accessible instances with 3,143 likely vulnerable and 122 showing compromise artefacts (qle.ttf/qle.woff). The document details exploitation indicators, geographic distribution, responsible disclosure actions by DIVD and partners, and remediation recommendations (patching, removal from internet, IP whitelisting, or upgrades).
