Foresttiger

Vulnerability updated 7 months ago (2024-05-04T22:17:47.300Z)
ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Sleet, to compromise system security. The flaw in the software's design or implementation has enabled the group to carry out malicious activity, chiefly through PowerShell scripts that download two payloads from seemingly legitimate infrastructure the group had previously compromised. The exploitation has been methodically planned and executed, demonstrating the threat actor's advanced capabilities. The attackers have used the ForestTiger Backdoor, named after the vulnerability itself, as one of their main tools: they have been observed compromising TeamCity servers to deploy this persistent backdoor. The backdoor has been used to run scheduled tasks on compromised systems, deepening the breach and allowing the attackers to keep a steady hold on the infiltrated hosts. One key activity enabled by the ForestTiger Backdoor is dumping LSASS (Local Security Authority Subsystem Service) credentials from memory, which gives the attacker access to sensitive user authentication material and poses a significant threat to data security. The use of the ForestTiger vulnerability and its associated backdoor underscores the need for robust cybersecurity measures against such sophisticated threats.
Description last updated: 2024-05-04T21:19:54.877Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Teamcity
Malware
Backdoor
Associated Threat Actors
Alias: Diamond Sleet
Description: The Diamond Sleet Threat Actor is associated with Foresttiger. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supply
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Foresttiger vulnerability was read from the document corpus below. This display is limited to 20 results.