Zain Group
Company Details
Linkedin ID:
zain
Website:
Employees number:
15,982
Number of followers:
321,194
NAICS:
517
Industry Type:
Homepage:
zain.com
IP Addresses:
0
Company ID:
ZAI_8354262
Scan Status:
In-progress
Zain Group Company CyberSecurity Posture
zain.com
Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Saudi Arabia, Sudan and South Sudan. Headquartered in the UAE, ZainTECH, the Group’s one-stop digital and ICT solutions provider, is playing a key role in the digital transformation of enterprise and government clientele across the MENA region. Also UAE based, Zain Omantel International (ZOI) is revolutionizing the international telecommunications wholesale landscape as the premier wholesale powerhouse serving regional operators, international carriers, and global hyperscalers. In Morocco, Zain has a 15.5% stake in ‘INWI’, through a joint venture. Zain is listed on the Boursa Kuwait (stock ticker: ZAIN). We recommend the Investor Community to download the “Zain Group Investor Relations” Mobile App. For more, please email [email protected]
Zain Group A.I CyberSecurity Scoring
Zain Group Risk Score (AI oriented)Between 750 and 799
Zain Group
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Zain Group Global Score (TPRM)XXXX
Zain Group
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Zain Group Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Telecommunications company in the Middle East
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: Threat actors linked to China exploited the **ToolShell vulnerability (CVE-2025-53770)** in Microsoft SharePoint to breach a Middle Eastern telecommunications company shortly after its public disclosure in July 2025. The attack involved bypassing authentication and achieving **remote code execution (RCE)** on on-premise SharePoint servers, enabling persistent and stealthy access for **credential theft and espionage**. The **Salt Typhoon (Glowworm)** group deployed malicious tools like **Zingdoor, ShadowPad, and KrustyLoader**, a Rust-based loader previously tied to China-nexus espionage campaigns. The attackers aimed to **exfiltrate sensitive data**, establish long-term access, and likely gather intelligence for geopolitical or economic advantage. While no explicit data leak was confirmed, the compromise of a **telecom provider**—a critical infrastructure sector—poses risks to **national security, customer privacy, and regional stability**. The attack aligns with broader campaigns targeting **government agencies, universities, and financial institutions** globally, suggesting a coordinated effort by multiple Chinese state-sponsored groups. The use of **living-off-the-land (LotL) techniques** and privilege escalation exploits (e.g., **CVE-2021-36942/PetitPotam**) further obscured detection, increasing the potential for **unauthorized lateral movement** across networks.
Zain Group Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Zain Group
Incidents vs Telecommunications Industry Average (This Year)
No incidents recorded for Zain Group in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Zain Group in 2025.
Incident Types Zain Group vs Telecommunications Industry Avg (This Year)
No incidents recorded for Zain Group in 2025.
Incident History — Zain Group (X = Date, Y = Severity)
Zain Group cyber incidents detection timeline including parent company and subsidiaries
Zain Group Company Subsidiaries
Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Saudi Arabia, Sudan and South Sudan. Headquartered in the UAE, ZainTECH, the Group’s one-stop digital and ICT solutions provider, is playing a key role in the digital transformation of enterprise and government clientele across the MENA region. Also UAE based, Zain Omantel International (ZOI) is revolutionizing the international telecommunications wholesale landscape as the premier wholesale powerhouse serving regional operators, international carriers, and global hyperscalers. In Morocco, Zain has a 15.5% stake in ‘INWI’, through a joint venture. Zain is listed on the Boursa Kuwait (stock ticker: ZAIN). We recommend the Investor Community to download the “Zain Group Investor Relations” Mobile App. For more, please email [email protected]
Loading...
Zain Group Similar Companies
Vodafone
At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live, we protect the planet a
We are driving the digital transition of Italy and Brazil with innovative technologies and services because we want to contribute to accelerating the sustainable growth of the economy and society by bringing value and prosperity to people, companies and institutions. We offer diversified solutions
We believe it’s people who give purpose to our technology. So we’re committed to staying close to our customers and providing them the best experience. And delivering the best tech. On the best network. Because our purpose is to build a connected future so everyone can thrive. We build techno
🤝Ce qui fait notre singularité ? Chez Bouygues Telecom, nous croyons que les relations humaines sont un besoin vital. La qualité de nos relations avec notre famille, nos amis, ceux qui nous entourent est déterminante pour notre bien-être, notre santé et même notre espérance de vie. Ce sont ces rela
Idea Cellular Ltd
Idea Cellular is an Aditya Birla Group Company, India's first truly multinational corporation. Idea is a pan-India integrated GSM operator offering 2G and 3G services, and has its own NLD and ILD operations, and ISP license. With revenue in excess of $4 billion; revenue market share of 18%; and subs
TELUS
At TELUS, our purpose-driven team works together every day to innovate and do good. From providing technology solutions that make our lives safer and easier, to supporting those who need it most, our inclusive, spirited and giving people are passionate about empowering our customers, communities and
Bell
We advance how people connect with each other and the world #ConnectionIsEverything. Bell is Canada's largest communications company providing advanced Bell broadband wireless, Internet, TV, media and business communications services. Founded in Montréal in 1880, Bell is wholly owned by BCE Inc. T
Telkomsel
Connecting Nation. Accelerating Indonesia's Future. As Indonesia's leading digital telecommunications company, Telkomsel is committed to building a connected, competitive, and future-ready society. For over 29 years, we've empowered individuals, homes, and businesses with innovative connectivity an
Ooredoo Group
We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob
.png)
Zain Group CyberSecurity News
October 18, 2025 07:00 AM
Bourisli: Zain seeks purpose-driven talent who share our passion for creating positive change
KUWAIT: Zain Kuwait sponsored the 4th edition of Watheefti, the largest career gathering in Kuwait. The event was held over the weekend at...
October 14, 2025 07:00 AM
Zain digitally empowers over 500 girls and young women
KUWAIT: Zain announced the successful conclusion of the second edition of the Academy X program in strategic partnership with CODED Academy,...
September 01, 2025 07:00 AM
ZainTECH Unveils AI-Powered Managed SecOps to Bolster Regional Cybersecurity
ZainTECH, the integrated digital solutions provider of Zain Group, has introduced its AI-powered managed security operations service...
August 27, 2025 07:00 AM
ZainTECH Launches AI-Powered SecOps Managed Security Service Across MENA
This strategic move strengthens ZainTECH's leadership in cybersecurity-as-a-service across the Middle East and Africa.
June 23, 2025 07:00 AM
Zain empowers female talent in STEM and cybersecurity
The program aims to empower women and bridge the gender gap in cybersecurity by equipping young women with the skills and confidence needed to excel in this...
June 12, 2025 07:00 AM
ZainTech’s Regional Playbook
There's no sense of theatrics, no sweeping declarations delivered with Silicon Valley gloss. Instead, Hanna, CEO of ZainTECH, Zain Group's...
June 01, 2025 07:00 AM
KFAS concludes ‘TechEdge’ program in collaboration with NBK and Zain
KUWAIT: The Kuwait Foundation for the Advancement of Sciences (KFAS) has concluded the “TechEdge” program conducted in collaboration with...
May 27, 2025 07:00 AM
Rakuten Symphony and Zain Kuwait collaborate on 5G Open RAN
Rakuten Symphony said on Monday it has signed a Memorandum of Understanding (MoU) with Zain Kuwait to collaborate on a pilot project to deploy cloud-native 5G...
May 06, 2025 07:00 AM
Daaij Al-Oud: Zain Kuwait accelerates toward 5.5G era with bold infrastructure investments
By Tamer Abdulaziz KUWAIT: By focusing on advanced infrastructure and enhancing digital experiences, Zain Kuwait plays an active role in...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Zain Group CyberSecurity History Information
Official Website of Zain Group
The official website of Zain Group is https://www.zain.com.
Zain Group’s AI-Generated Cybersecurity Score
According to Rankiteo, Zain Group’s AI-generated cybersecurity score is 774, reflecting their Fair security posture.
How many security badges does Zain Group’ have ?
According to Rankiteo, Zain Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Zain Group have SOC 2 Type 1 certification ?
According to Rankiteo, Zain Group is not certified under SOC 2 Type 1.
Does Zain Group have SOC 2 Type 2 certification ?
According to Rankiteo, Zain Group does not hold a SOC 2 Type 2 certification.
Does Zain Group comply with GDPR ?
According to Rankiteo, Zain Group is not listed as GDPR compliant.
Does Zain Group have PCI DSS certification ?
According to Rankiteo, Zain Group does not currently maintain PCI DSS compliance.
Does Zain Group comply with HIPAA ?
According to Rankiteo, Zain Group is not compliant with HIPAA regulations.
Does Zain Group have ISO 27001 certification ?
According to Rankiteo,Zain Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Zain Group
Zain Group operates primarily in the Telecommunications industry.
Number of Employees at Zain Group
Zain Group employs approximately 15,982 people worldwide.
Subsidiaries Owned by Zain Group
Zain Group presently has no subsidiaries across any sectors.
Zain Group’s LinkedIn Followers
Zain Group’s official LinkedIn profile has approximately 321,194 followers.
NAICS Classification of Zain Group
Zain Group is classified under the NAICS code 517, which corresponds to Telecommunications.
Zain Group’s Presence on Crunchbase
No, Zain Group does not have a profile on Crunchbase.
Zain Group’s Presence on LinkedIn
Yes, Zain Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/zain.
Cybersecurity Incidents Involving Zain Group
As of November 27, 2025, Rankiteo reports that Zain Group has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Zain Group has an estimated 9,535 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Zain Group ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does Zain Group detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with broadcom's symantec threat hunter team (investigation), and remediation measures with patching cve-2025-53770 (if not already applied)..
Incident Details
Can you provide details on each incident ?
Title: Exploitation of CVE-2025-53770 (ToolShell) in Microsoft SharePoint by China-Linked Threat Actors
Description: Threat actors with ties to China exploited the ToolShell security vulnerability (CVE-2025-53770) in Microsoft SharePoint to breach multiple entities globally, including a telecommunications company in the Middle East, government departments in Africa and South America, a U.S. university, a state technology agency in Africa, a government department in the Middle East, and a finance company in Europe. The attacks involved bypassing authentication to achieve remote code execution, deploying malware (e.g., Zingdoor, ShadowPad, KrustyLoader), and leveraging living-off-the-land (LotL) tools for credential theft and persistence. The activity is attributed to multiple China-nexus groups, including Linen Typhoon, Violet Typhoon, Storm-2603, and Salt Typhoon, with motives likely tied to espionage.
Date Publicly Disclosed: 2025-07
Type: Cyber Espionage
Attack Vector: Exploitation of Public-Facing Application (CVE-2025-53770)DLL Side-LoadingPrivilege Escalation (CVE-2021-36942)Living-off-the-Land (LotL) Tools
Vulnerability Exploited: CVE-2025-53770 (ToolShell, patch bypass for CVE-2025-49704/CVE-2025-49706)CVE-2021-36942 (PetitPotam)Unspecified SQL Server VulnerabilitiesUnspecified Adobe ColdFusion Vulnerabilities
Threat Actor: Linen Typhoon (Budworm)Violet Typhoon (Sheathminer)Storm-2603Salt Typhoon (Glowworm)UNC5221 (suspected overlap)
Motivation: EspionageCredential TheftPersistent Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Exploited Microsoft SharePoint (CVE-2025-53770)SQL ServersAdobe ColdFusion Vulnerabilities.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cyber Espionage ZAI2703327102325
Data Compromised: Credentials, Potentially sensitive government/telecom/financial data
Systems Affected: Microsoft SharePoint Servers (On-Premise)SQL ServersApache HTTP Servers with Adobe ColdFusionDomain Controllers (via CVE-2021-36942)
Brand Reputation Impact: Potential reputational damage to affected entities (e.g., telecom company, government agencies)
Identity Theft Risk: High (due to credential theft)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Credentials, Potentially Government/Telecom/Financial Data and .
Which entities were affected by each incident ?
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Unnamed Telecommunications Company
Entity Type: Private
Industry: Telecommunications
Location: Middle East
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Government Departments (Multiple)
Entity Type: Government
Industry: Public Sector
Location: Africa
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Government Agencies
Entity Type: Government
Industry: Public Sector
Location: South America
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Unnamed University
Entity Type: Educational
Industry: Higher Education
Location: United States
Incident : Cyber Espionage ZAI2703327102325
Entity Name: State Technology Agency
Entity Type: Government
Industry: Technology
Location: Africa
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Government Department
Entity Type: Government
Industry: Public Sector
Location: Middle East
Incident : Cyber Espionage ZAI2703327102325
Entity Name: Finance Company
Entity Type: Private
Industry: Financial Services
Location: Europe
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Cyber Espionage ZAI2703327102325
Third Party Assistance: Broadcom'S Symantec Threat Hunter Team (Investigation).
Remediation Measures: Patching CVE-2025-53770 (if not already applied)
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Broadcom's Symantec Threat Hunter Team (investigation), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Cyber Espionage ZAI2703327102325
Type of Data Compromised: Credentials, Potentially government/telecom/financial data
Sensitivity of Data: High (government, telecom, financial sectors targeted)
Data Exfiltration: Likely (for espionage purposes)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patching CVE-2025-53770 (if not already applied), .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Cyber Espionage ZAI2703327102325
Ransomware Strain: WarlockLockBitBabuk (deployed by Storm-2603 in unrelated recent attacks)
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Cyber Espionage ZAI2703327102325
Lessons Learned: 1. Patch management is critical, especially for publicly disclosed vulnerabilities like CVE-2025-53770, which was exploited even after patches were available. 2. China-nexus threat actors continue to target high-value sectors (telecom, government, finance) for espionage, leveraging both zero-days and known vulnerabilities. 3. Defense-in-depth strategies (e.g., monitoring for LotL tools, privilege escalation attempts) are essential to detect post-exploitation activity.
What recommendations were made to prevent future incidents ?
Incident : Cyber Espionage ZAI2703327102325
Recommendations: 1. Immediate patching of Microsoft SharePoint servers for CVE-2025-53770 and related flaws (CVE-2025-49704, CVE-2025-49706). 2. Audit and harden SQL servers and Adobe ColdFusion instances to prevent exploitation via side-loading or other techniques. 3. Monitor for indicators of compromise (IoCs) tied to KrustyLoader, ShadowPad, Zingdoor, and other tools used in these attacks. 4. Implement multi-factor authentication (MFA) and least-privilege access controls to mitigate credential theft risks. 5. Enhance logging and detection for privilege escalation attempts (e.g., PetitPotam exploitation). 6. Conduct threat hunting for signs of persistent access or backdoors established by China-linked groups.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are 1. Patch management is critical, especially for publicly disclosed vulnerabilities like CVE-2025-53770, which was exploited even after patches were available. 2. China-nexus threat actors continue to target high-value sectors (telecom, government, finance) for espionage, leveraging both zero-days and known vulnerabilities. 3. Defense-in-depth strategies (e.g., monitoring for LotL tools, privilege escalation attempts) are essential to detect post-exploitation activity.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: 1. Immediate patching of Microsoft SharePoint servers for CVE-2025-53770 and related flaws (CVE-2025-49704, CVE-2025-49706). 2. Audit and harden SQL servers and Adobe ColdFusion instances to prevent exploitation via side-loading or other techniques. 3. Monitor for indicators of compromise (IoCs) tied to KrustyLoader, ShadowPad, Zingdoor, and other tools used in these attacks. 4. Implement multi-factor authentication (MFA) and least-privilege access controls to mitigate credential theft risks. 5. Enhance logging and detection for privilege escalation attempts (e.g. and PetitPotam exploitation). 6. Conduct threat hunting for signs of persistent access or backdoors established by China-linked groups..
References
Where can I find more information about each incident ?
Incident : Cyber Espionage ZAI2703327102325
Source: Broadcom's Symantec Threat Hunter Team
Incident : Cyber Espionage ZAI2703327102325
Source: Synacktiv (KrustyLoader analysis)
Date Accessed: 2024-01
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Broadcom's Symantec Threat Hunter Team, and Source: Synacktiv (KrustyLoader analysis)Date Accessed: 2024-01.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Cyber Espionage ZAI2703327102325
Investigation Status: Ongoing (attribution to specific groups remains inconclusive; evidence points to China-based actors)
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Cyber Espionage ZAI2703327102325
Entry Point: Exploited Microsoft Sharepoint (Cve-2025-53770), Sql Servers, Adobe Coldfusion Vulnerabilities,
Backdoors Established: ['ShadowPad', 'KrustyLoader', 'Zingdoor']
High Value Targets: Telecommunications Infrastructure, Government Networks, Financial Data,
Data Sold on Dark Web: Telecommunications Infrastructure, Government Networks, Financial Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Cyber Espionage ZAI2703327102325
Root Causes: 1. Delayed or incomplete patching of critical vulnerabilities (CVE-2025-53770). 2. Insufficient monitoring for post-exploitation activity (e.g., LotL tools, privilege escalation). 3. Overlap in tools/TTPs with previously attributed China-linked groups (e.g., Glowworm) suggests targeted espionage campaigns.
Corrective Actions: 1. Accelerate vulnerability management processes for high-severity flaws. 2. Deploy behavioral detection for malware loaders (e.g., KrustyLoader) and espionage tools (e.g., ShadowPad). 3. Isolate and segment high-value systems (e.g., government/telecom networks) to limit lateral movement. 4. Conduct red team exercises to test defenses against similar attack chains.
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Broadcom'S Symantec Threat Hunter Team (Investigation), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: 1. Accelerate vulnerability management processes for high-severity flaws. 2. Deploy behavioral detection for malware loaders (e.g., KrustyLoader) and espionage tools (e.g., ShadowPad). 3. Isolate and segment high-value systems (e.g., government/telecom networks) to limit lateral movement. 4. Conduct red team exercises to test defenses against similar attack chains..
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Linen Typhoon (Budworm)Violet Typhoon (Sheathminer)Storm-2603Salt Typhoon (Glowworm)UNC5221 (suspected overlap).
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-07.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Credentials, Potentially Sensitive Government/Telecom/Financial Data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Microsoft SharePoint Servers (On-Premise)SQL ServersApache HTTP Servers with Adobe ColdFusionDomain Controllers (via CVE-2021-36942).
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was broadcom's symantec threat hunter team (investigation), .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Potentially Sensitive Government/Telecom/Financial Data and Credentials.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was 1. Patch management is critical, especially for publicly disclosed vulnerabilities like CVE-2025-53770, which was exploited even after patches were available. 2. China-nexus threat actors continue to target high-value sectors (telecom, government, finance) for espionage, leveraging both zero-days and known vulnerabilities. 3. Defense-in-depth strategies (e.g., monitoring for LotL tools, privilege escalation attempts) are essential to detect post-exploitation activity.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was 1. Immediate patching of Microsoft SharePoint servers for CVE-2025-53770 and related flaws (CVE-2025-49704, CVE-2025-49706). 2. Audit and harden SQL servers and Adobe ColdFusion instances to prevent exploitation via side-loading or other techniques. 3. Monitor for indicators of compromise (IoCs) tied to KrustyLoader, ShadowPad, Zingdoor, and other tools used in these attacks. 4. Implement multi-factor authentication (MFA) and least-privilege access controls to mitigate credential theft risks. 5. Enhance logging and detection for privilege escalation attempts (e.g. and PetitPotam exploitation). 6. Conduct threat hunting for signs of persistent access or backdoors established by China-linked groups..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Synacktiv (KrustyLoader analysis) and Broadcom's Symantec Threat Hunter Team.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (attribution to specific groups remains inconclusive; evidence points to China-based actors).
Initial Access Broker
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=zain' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
