Summary Take-Aways Up Front:
* Russian threat actors continue to employ multiple IV (initial vectors) into target networks, and carry out multi-objective operations once inside, with the primary aim of either long term persistence, destruction, or both

* Russian actors, including a newly identified espionage campaign, are more and more turning to connected devices within an environment to maintain persistence, disrupt operations, evade security controls and exfil or tunnel information and C2

* VPN devices serve as a primary IV (initial vector) into enterprise and government networks

* CISA’s known exploited vulnerabilites list, including this top 15 list, is key in deterring all threat actors of significance

* Exploited vulnerabilities continue to serve as a primary vector into organizations

For more information see: APRIL FIRMWARE THREAT REPORT