Webinar – Fighting Advanced Malware Threats: Kimsuky and the ScreenConnect Vulnerability

June 26, 2024 11:00 a.m. - 11:45 a.m. (EDT) | (Online)
Get the latest insights into threat actor activity straight from the frontlines, fueled by data from Kroll’s incident response intelligence and elite analysts.

On February 19, software firm ConnectWise notified clients of two vulnerabilities (CVE-2024-1708 and CVE-2024-1709) impacting on-premise versions of their remote management tool, ScreenConnect. Within days, the vulnerability was under heavy exploitation from several groups, including the Advanced Persistent Threat (APT) group known as Kimsuky.

In this exclusive briefing, Kroll’s Head of Threat Intelligence in EMEA, George Glass, will address how Kimsuky weaponized the ScreenConnect vulnerability using the new malware strain TODDLERSHARK.

Threat intelligence fueled by frontline incident response intel and elite analysts can provide a rich insight into threat actor activity. Security leaders need access to this frontline incident intelligence not only to understand if they are likely to be in a similar situation but also to take immediate action on their defenses. During the briefing, George will highlight how the malware was deployed as part of an attempted compromise, then detected and stopped by the Kroll Responder team.

Key Takeaways

  • The Kroll Cyber Threat Intelligence (CTI) team discovered new malware resembling the VBScript-based BABYSHARK malware that we've called TODDLERSHARK.
  • How the malware was used in post-compromise activity.
  • BABYSHARK has been associated, by several sources, with a threat actor that Kroll tracks as KTA082 (Kimsuky).
  • The malware utilized a legitimate Microsoft binary and alternate data streams and exhibited elements of polymorphic behavior.

Dive Deeper into Kroll’s Cyber Risk Solutions

Get a better understanding of the breadth of Kroll’s cyber risk services. Download below for more information: 

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Threat Intelligence

Threat intelligence is fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.