Lateral reach
The trust boundaries and network segmentation you’ve been relying on don’t hold. These are the known-exploited flaws that let an attacker pivot from a forgotten edge device or low-value host into the systems that actually matter — and the named crews that make the jump.
Headline story
— the highest-newsworthiness path reaching this outcomeMore records reaching lateral reach
— ranked by newsworthiness, click through to the full recordRecords where 3 ∈ _narr_stages(r), ordered by _heat(r); the lead is shown above. Counts recomputed deterministically per build.
What this outcome targets
— records reaching lateral reach, by attack surfaceFrom build_insights().outcome_surface — the surface×outcome heat-grid, sliced to outcome 3 (reach-to-3). Counts recomputed deterministically per build; basis labeled per the corpus, never per edge.
Who drives this outcome
— named, advisory-backed actors reaching lateral reachThe CISA-led joint advisory AA24-190A names APT40 (tracked in ATT&CK as Leviathan) as a PRC Ministry of State Security group that rapidly weaponizes newly public vulnerabilities, naming the ProxyShell Exchange chain, Log4Shell, and Atlassian Confluence CVEs alongside the group.
Reaches this outcome on 5 records · full dossier →
CISA's AA21-062A and the Microsoft Threat Intelligence Center attribute the ProxyLogon Exchange exploitation chain to HAFNIUM (now tracked as Silk Typhoon), a state-sponsored group assessed to operate out of the PRC, naming both the group and the Exchange CVEs.
Reaches this outcome on 4 records · full dossier →
The #StopRansomware joint advisory AA24-109A reports that Akira ransomware affiliates gain initial access through Cisco VPN appliances lacking MFA, naming the group and the Cisco ASA/FTD CVEs they exploit to do so.
Reaches this outcome on 2 records · full dossier →
CISA, NSA and FBI's AA24-038A attributes pre-positioning on US critical-infrastructure IT networks to Volt Typhoon, naming the group's exploitation of public-facing appliance vulnerabilities including the Ivanti Connect Secure (CVE-2024-21887) and Fortinet FortiOS (CVE-2022-42475) CVEs.
Reaches this outcome on 2 records · full dossier →
tier == "confirmed" (advisory-backed) actors appear above; reported/inferred links never headline an outcome.When this outcome got exploited
— KEV additions per year that reach lateral reachViolet = records added to CISA KEV that year reaching outcome 3; red overlay = the share that carried on to data-at-risk or lights-out. From build_insights().outcome_timeline, sliced to this outcome.