PULSE NAME
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
WHITE PetrP.73 2026-03-20 Modified: 2026-04-19
21 IOCs, MEDIUM VOLUME
Amazon threat intelligence has uncovered an ongoing Interlock ransomware campaign that exploits a critical vulnerability, CVE-2026-20131, in Cisco's Secure Firewall Management Center Software. Cisco disclosed the vulnerability publicly on March 4, 2026; it allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Notably, Interlock began exploiting it as a zero-day on January 26, 2026, 36 days before the public announcement, which helped the group compromise organizations unnoticed.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Interlock
Indicators of Compromise (3 / 21 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | abe1d920b98240580563f750c1c1e4db | MD5 of d1caa376cb45b6a1eb3a45c5633c5ef75f7466b8601ed72c8022a8b3f6c1f3be | 2026-03-20
FileHash-MD5 | b885946e72ad51dca6c70abc2f773506 | | 2026-03-20
FileHash-MD5 | f80d3d09f61892c5846c854dd84ac403 | | 2026-03-20