Ransomware gang exploits Cisco flaw in zero-day attacks since January
Since late January, the Interlock ransomware gang has exploited a zero-day vulnerability in Cisco FMC software, compromising multiple organizations. The flaw allows remote code execution; Cisco released a patch on March 4. Amazon reports that Interlock began exploiting it 36 days before public disclosure.

2026-3-18 17:0:20 Author: www.bleepingcomputer.com (view original) Reads: 11


The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January.

The Interlock ransomware operation surfaced in September 2024 and has been linked to ClickFix campaigns and to malware attacks in which its operators deployed a remote access trojan called NodeSnake on the networks of multiple U.K. universities.

Interlock has also claimed responsibility for attacks on DaVita, Kettering Health, the Texas Tech University System, and the city of Saint Paul, Minnesota. More recently, IBM X-Force researchers reported that Interlock operators have deployed a new malware strain dubbed Slopoly, likely created using generative AI tools.

Cisco patched the security flaw (CVE-2026-20131) on March 4, warning that it could allow unauthenticated attackers to remotely execute arbitrary Java code as root on unpatched devices.

The Amazon threat intelligence team reported on Wednesday that the Interlock ransomware operation had been exploiting the Secure FMC flaw in attacks targeting enterprise firewalls for more than a month before it was patched.

"While looking for any current or past exploits of this vulnerability, our research found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26, 2026," said CJ Moses, CISO of Amazon Integrated Security. 

"This wasn't just another vulnerability exploit; Interlock had a zero-day in their hands, giving them a week's head start to compromise organizations before defenders even knew to look."

"On March 4, 2026, Cisco issued a security advisory disclosing a vulnerability in the web interface of Cisco Secure Firewall Management Center Software," Cisco told BleepingComputer on Wednesday in an email statement after publishing. "We appreciate Amazon's partnership on this, and we have updated our security advisory with the latest information. We strongly urge customers to upgrade as soon as possible and reference our security advisory for more details and guidance."

Since the start of the year, Cisco has addressed several other security vulnerabilities that have been exploited in the wild as zero-days. For instance, in January, it fixed a maximum-severity Cisco AsyncOS zero-day that had been exploited to breach secure email appliances since November and patched a critical Unified Communications RCE that was also abused in zero-day attacks.

Last month, Cisco addressed another maximum-severity flaw that was abused as a zero-day to bypass Catalyst SD-WAN authentication, allowing attackers to compromise controllers and add malicious rogue peers to targeted networks.

Update March 18, 12:55 EDT: Added Cisco statement.



Source: https://www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/