
"Our research found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26. The critical security flaw allows an unauthenticated, remote attacker to execute arbitrary Java code as root on vulnerable devices. Cisco released software updates that fix the vulnerability on March 4 - but the attackers had a head start."
"Interlock is a ransomware crew that emerged in 2025, and has since infected hospitals and medical facilities - including kidney dialysis firm DaVita and Kettering Health, where the criminals not only disrupted chemotherapy sessions and pre-surgery appointments, but also leaked cancer patients' details online."
"Amazon caught the intruders in its MadPot honeypot network, which logged exploit traffic tied to Interlock's infrastructure. And - in a helpful turn for network defenders - the threat intel team also spotted a misconfigured infrastructure server that exposed Interlock's attack toolkit."
The Interlock ransomware group exploited a maximum-severity vulnerability in Cisco Secure Firewall Management Center software as a zero-day beginning January 26, more than a month before Cisco released patches on March 4. The flaw allows an unauthenticated remote attacker to execute arbitrary Java code with root privileges. Amazon's security team discovered the exploitation through its MadPot honeypot network and also identified a misconfigured Interlock infrastructure server that exposed the group's attack toolkit. Interlock, an emerging ransomware crew active since 2025, has targeted hospitals, medical facilities, and government entities, including DaVita dialysis centers and Saint Paul, Minnesota.
#zero-day-vulnerability-exploitation #ransomware-attacks #cisco-secure-firewall #healthcare-sector-targeting #threat-intelligence
Read at Theregister