Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
WHITE PetrP.73 2026-03-20 Modified: 2026-04-19
Amazon threat intelligence has uncovered an ongoing Interlock ransomware campaign that exploits a critical vulnerability, CVE-2026-20131, in Cisco's Secure Firewall Management Center Software. Disclosed publicly by Cisco on March 4, 2026, this vulnerability allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Notably, Interlock began exploiting this zero-day vulnerability on January 26, 2026, 36 days prior to its public announcement, which allowed the group to compromise organizations unnoticed.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Interlock
Indicators of Compromise (1 / 21 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA1 | df5ddf117b0e19e797c7628ba1faabb95d8efd04 | SHA1 of d1caa376cb45b6a1eb3a45c5633c5ef75f7466b8601ed72c8022a8b3f6c1f3be | 2026-03-20