Cerberus

Malware Profile Updated a day ago
Cerberus is malicious software (malware) that has been identified as posing a significant threat to various Siemens Cerberus PRO and Sinteso fire protection systems. The malware can infiltrate these systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations, steal personal information, or even hold data hostage for ransom.

A specific Cerberus sample, identified by SHA-256 1249c4d3a4b499dc8a9a2b3591614966145daac808d440e5202335d9a4226ff8, was found to be digitally code-signed with a generic Android certificate. Several tools and platforms, including Cobalt Strike, Meterpreter, DarkComet, and Empire PowerShell, have been associated with Cerberus attacks.

The malware affects multiple versions of Siemens Cerberus PRO and Sinteso products, including the Cerberus PRO UL Engineering Tool, Cerberus PRO UL Compact Panel FC922/924, Cerberus PRO UL X300 Cloud Distribution, Desigo Fire Safety UL Compact Panel FC2025/2050, and Desigo Fire Safety UL Engineering Tool. All versions prior to MP4 of the Cerberus PRO UL Engineering Tool and Cerberus PRO UL Compact Panel FC922/924 are vulnerable, as are all versions prior to V4.3.0001 of the Cerberus PRO UL X300 Cloud Distribution and Desigo Fire Safety UL X300 Cloud Distribution.

Successful exploitation of these vulnerabilities requires an on-path attacker that intercepts the communication of the engineering tool in the fire system network, potentially allowing code execution on the underlying operating system with the privileges of the engineering tool user account.

To mitigate the risks posed by Cerberus, users are advised to update to MP4 or later versions for the Cerberus PRO UL Engineering Tool, Cerberus PRO UL Compact Panel FC922/924, Desigo Fire Safety UL Compact Panel FC2025/2050, and Desigo Fire Safety UL Engineering Tool. For the Cerberus PRO UL X300 Cloud Distribution and Desigo Fire Safety UL X300 Cloud Distribution, users should update to V4.3.0001 or later versions.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an advisory regarding these vulnerabilities (ICSA-24-074-09), noting that they include a serious classic buffer overflow vulnerability that could allow unauthorized access to fire protection system networks.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Siemens
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Cerberus Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | Home Office signs £40m digital deal for UK border anti-crime ‘analytics and targeting system’ |
| CISA | a day ago | Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems \| CISA |
| CERT-EU | 2 months ago | Multiple vulnerabilities in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems |
| Unit42 | 7 months ago | Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform |
| CERT-EU | 2 months ago | Remote code execution in Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems |
| Bitdefender | 4 months ago | Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns |
| InfoSecurity-magazine | a year ago | Ransomware Attack Forces Closure of Nantucket Schools |
| CERT-EU | 5 months ago | Search \| arXiv e-print repository |
| CERT-EU | 2 months ago | Gen. Mark Milley’s Second Act: Multimillionaire |
| Recorded Future | a year ago | 2022 Adversary Infrastructure Report |
| CERT-EU | 7 months ago | Semkel and Searchlight Cyber Form Strategic Partnership – Global Security Mag Online |
| CERT-EU | 6 months ago | The rise of mobile app overlay attacks and how to defend against them [Q&A] |
| CERT-EU | a year ago | Hackers Allegedly Stole Activision's Upcoming Call Of Duty Games, Employee Data - TechShout |
| Canadian Centre for Cyber Security | 2 months ago | [Control systems] CISA ICS security advisories (AV24-150) - Canadian Centre for Cyber Security |
| Canadian Centre for Cyber Security | 2 months ago | [Control systems] Siemens security advisory (AV24-137) - Canadian Centre for Cyber Security |
| CERT-EU | 2 months ago | ChatGPT side-channel attack has easy fix: token obfuscation |
| CERT-EU | 9 months ago | Can 'Mad Libs for incident response' prevent the next MOVEit |
| CERT-EU | a year ago | Hackers Steal Upcoming Games, Employee Data In Activision Data Breach |
| CERT-EU | 7 months ago | Semkel and Searchlight Cyber Form Strategic Partnership – Global Security Mag Online |
| CERT-EU | 10 months ago | Philippines-US Bilateral Defense Guidelines: Updating An Alliance Does Not Displace Diplomacy – Analysis |