“could not be done with any other publicly available remote desktop control software like TeamViewer, AnyDesk, or others. There are repeated claims by the security researcher that this does not require social engineering, but we (alongside other members of the community) contend…”
T1190 Exploit Public-Facing Application
85%
“: ConnectWise releases their response article. - 14 December: Huntress releases this response article. Our validation at IT Nation Connect on November 9th, the Huntress team was at our booth chatting with partners on the tradeshow floor, when a community member came up to speak …”
T1566.004 Spearphishing Voice
78%
“DDoS, hijacking, poisoning, injection, botnets, amplification attacks, sideband attacks, remote code execution or any of the other critical-severity threats posed in the researcher’s article. The most prevalent threat against ConnectWise Control that Huntress as well as the c…”
T1219 Remote Access Tools
76%
“code execution. In the following weeks after IT Nation Connect, the researcher expressed on LinkedIn there would be more details to come and their public blog post would soon be released. On November 29, their public writeup was available and subsequently got the attention of som…”
T1598 Phishing for Information
50%
“Overblown claims of vulnerabilities, exploits, & severity | Huntress Over the past few weeks, the Huntress team has been tracking the recent conversations surrounding supposed ConnectWise Control vulnerabilities and alleged in-the-wild exploitation. We have been in contact wi…”
T1219 Remote Access Tools
41%
“asked if they could provide a technical video demonstration to showcase the process and achieve this desired effect, but the researcher still refused. With that said, during our communication the security researcher did note another oddity in ConnectWise Control’s behavior. Our…”
T1566 Phishing
36%
“Overblown claims of vulnerabilities, exploits, & severity | Huntress Over the past few weeks, the Huntress team has been tracking the recent conversations surrounding supposed ConnectWise Control vulnerabilities and alleged in-the-wild exploitation. We have been in contact wi…”
T1090.003 Multi-hop Proxy
32%
“installer with modified host headers fails against cloud instances. For on-premises installations, it is crucial that the system administrators follow the proper installation procedures and manual, other hardening guides and the provided ConnectWise Control security checklist. …”
T1090.002 External Proxy
30%
“installer with modified host headers fails against cloud instances. For on-premises installations, it is crucial that the system administrators follow the proper installation procedures and manual, other hardening guides and the provided ConnectWise Control security checklist. …”
Summary
Our team has been tracking conversations surrounding ConnectWise Control vulnerabilities and alleged exploitation. We politely disagree with the threat and criticality presented by the security researcher.