Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism."
That's according to aΒ new warningΒ from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target
By Ravie Lakshmanan β September 30th 2022 at 11:52
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.
Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the nameΒ Witchetty, which is also known asΒ LookingFrog, a subgroup operating under the TA410
Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023.
The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbedΒ Operation Soft CellΒ based on tooling overlaps.
"The initial attack phase involves infiltrating Internet-facing Microsoft Exchange servers to deploy
Login
FreshRSS