Cerber

Malware updated 3 months ago (2024-11-29T14:46:01.869Z)
Download STIX
Preview STIX
Cerber is a type of malware, specifically a ransomware variant that targets systems to exploit and damage them. Ransomware is a form of malicious software designed to block access to a computer system until a sum of money is paid. Cerber infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations and hold data hostage for ransom. A Linux variant of Cerber has been identified as targeting Atlassian servers, exploiting a vulnerability known as CVE-2023-22518. This was discovered when threat actors started using this flaw to deliver the Cerber ransomware, prompting Atlassian to elevate the severity rating of the vulnerability. Hackers exploited an authentication bypass flaw in Atlassian to encrypt files with the Cerber ransomware. In some instances, threat groups were able to deploy the Cerber ransomware by exploiting two recent vulnerabilities in Atlassian Confluence. The exploitation of this vulnerability by Cerber ransomware has had significant impacts. For example, the Allied Pilots Association reported a suspected ransomware attack that knocked several systems offline. Other notable attacks include a major ransomware attack on Mexico City's Querétaro Intercontinental Airport by the LockBit group and a threat of a massive data breach faced by Shimano from the same group. In response to these escalating threats, an alliance of 40 countries has vowed not to pay ransoms to cybercriminals.
Description last updated: 2024-10-17T12:53:58.550Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Payload
Confluence
Exploit
Vulnerability
Linux
Malware
Ransom
Encrypt
Ransomware P...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with Cerber. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-22518 Vulnerability is associated with Cerber. CVE-2023-22518 is a critical vulnerability that was discovered in all versions of Atlassian Confluence Data Center and Server products. Identified as an improper authorization flaw, it posed significant risks including potential data loss if exploited by an unauthenticated attacker. The vulnerabilitUnspecified
4
Source Document References
Information about the Cerber Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CrowdStrike
11 days ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
Securityaffairs
8 months ago
CERT-EU
a year ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
10 months ago
InfoSecurity-magazine
10 months ago
Quick Heal Technologies Ltd.
a year ago
Trend Micro
a year ago
CERT-EU
2 years ago