Information security company Arctic Wolf has discovered a campaign by the Cactus ransomware group that exploits recently discovered vulnerabilities in the Qlik Sense business analytics platform to penetrate target environments. The campaign is the first documented case in which the attackers deploying Cactus ransomware used vulnerabilities in Qlik Sense for initial access.
Arctic Wolf, which is responding to "several cases" of Qlik Sense exploitation, noted that the attacks probably exploit 3 vulnerabilities that have been discovered over the past 3 months:
- CVE-2023-41265 (CVSS: 9.9): an HTTP request tunneling vulnerability that allows a remote attacker to elevate their privileges and send requests that are executed by the backend server hosting the repository application.
- CVE-2023-41266 (CVSS: 6.5): a path traversal vulnerability. With it, an attacker can bypass access restrictions and read, and sometimes modify, files to which access is normally restricted. The flaw allows unauthorized access to confidential data.