REF7707 is a threat actor attributed to CN, also known as CL-STA-0049, Jewelbug. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does REF7707 exploit?

Specific CVE exploitation data for REF7707 is being tracked. Check the Strobes VI threat actor profile for updates.

REF7707

Also known as: CL-STA-0049, Jewelbug

Exploited CVEs

Overview

REF7707 is a cyber campaign targeting government entities, particularly a foreign ministry in South America, utilizing malware families such as FinalDraft, GuidLoader, and PathLoader for persistence and lateral movement. The threat actor employs the Microsoft Graph API for C2 communication, blending malicious traffic with legitimate activity to evade detection. Despite their technical sophistication, REF7707 operators exhibited poor operational security, leading to the exposure of their infrastructure and malware. Their tactics enable the extraction of sensitive data, including passwords and Active Directory information, facilitating ongoing espionage activities.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database