CosmicBeetle is a threat actor. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does CosmicBeetle exploit?

Specific CVE exploitation data for CosmicBeetle is being tracked. Check the Strobes VI threat actor profile for updates.

CosmicBeetle

Exploited CVEs

Overview

CosmicBeetle is a threat actor known for deploying the ScRansom ransomware, which has replaced its previous variant, Scarab. The actor utilizes a custom toolset called Spacecolon, consisting of ScHackTool, ScInstaller, and ScService, to gain initial access through RDP brute forcing and exploiting vulnerabilities like CVE-2020-1472 and FortiOS SSL-VPN. CosmicBeetle has been observed impersonating the LockBit ransomware gang to leverage its reputation and has shown a tendency to leave artifacts on compromised systems. The group primarily targets SMBs globally, employing techniques such as credential dumping and data destruction.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database