CVE-2021-42572

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

#ParsedReport #CompletenessLow 07-10-2025

Crimson Collective: A New Threat Group Observed Operating in the Cloud

https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud

Report completeness: Low

Actors/Campaigns: Crimson collective

Threats: Trufflehog tool

Victims: Cloud service providers, Technology sector

Geo: Ukraine, Russia

CVEs: CVE-2021-42572 [Vulners] CVSS V3.1: Unknown, Vulners: Exploitation: Unknown X-Force: Risk: Unknown X-Force: Patch: Unknown

TTPs: Tactics: 4 Technics: 15

IOCs: Coin: 1 IP: 4

Functions: GetCalletIdentity, CreateUser, CreateLoginProfile, CreateAccessKey, SimulatePrincipalPolicy, AttachUserPolicy, GetUser, GetAccount, GetBucketLocation, GetHostedZoneCount, have more...

Win API: GetObject

Links: https://github.com/trufflesecurity/trufflehog

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-42572

Affected Products

Undefined

CVE-2021-42572

Related Identifiers

Affected Products

References · 4