PULSE NAME
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
WHITE PetrP.73 2026-03-20 Modified: 2026-04-19
21 IOCs
MEDIUM VOLUME
Amazon threat intelligence has uncovered an ongoing Interlock ransomware campaign that exploits a critical vulnerability, CVE-2026-20131, in Cisco's Secure Firewall Management Center Software. Disclosed publicly by Cisco on March 4, 2026, this vulnerability allows unauthenticated remote attackers to execute arbitrary Java code with root privileges. Notably, Interlock began exploiting the vulnerability as a zero-day on January 26, 2026, 36 days before its public announcement, which let the group compromise organizations unnoticed.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Interlock
Indicators of Compromise (2 / 21 total)
TYPE  INDICATOR  DESCRIPTION  CREATED
FileHash-SHA256 6c8efbcef3af80a574cb2aa2224c145bb2e37c2f3d3f091571708288ceb22d5f 2026-03-20
FileHash-SHA256 d1caa376cb45b6a1eb3a45c5633c5ef75f7466b8601ed72c8022a8b3f6c1f3be 2026-03-20