Jeremiah Robinson Cyber Risk

CYSE 200T

October 7, 2024

Cyber Risk Assignment 

What was Cutting Edge

Cutting Edge (2017) was a cyberattack that targeted the U.S. defense industrial base, which is used globally in fields like telecommunications, finance, aerospace, and technology. The attack was carried out by exploiting vulnerabilities in Ivanti Connect Secure VPN appliances. The exploits used belong to a category known as "zero-day vulnerabilities," which are flaws that are unknown to everyone but the attacker and lack an existing patch or fix. Cutting Edge utilized custom malware to take over trusted files and programs and use them to run malicious code undetected, a technique known as Living off the Land, or LotL.

Why does Cutting Edge matter?

  • It is also important because of how recent it was and because it used completely new methods of attack
  • It saved the data that it collected from the U.S. to a tar archive that would be hard to get rid of
  • Threat actors stole cache data and configurations from a very important VPN that was secured
  • Threat actors trojanized legitimate files in Ivanti Connect Secure appliances with malicious code
  • Threat actors utilized a reverse TCP shell and a Unix socket for C2 communications during Cutting Edge
  • Threat actors moved laterally during Cutting Edge by using RDP and compromised credentials
  • Threat actors maintained their presence on the compromised Connect Secure appliances using tools including WireFire, Glasstoken, Bushwalk, Lightwire and Framesting

Source 

Cutting edge. Cutting Edge, Campaign C0029 | MITRE ATT&CK®. (n.d.). https://attack.mitre.org/campaigns/C0029/ 
