This analysis is a follow-up to the investigation titled ‘Intrusion into Middle East Critical National Infrastructure’, conducted by the FortiGuard Incident Response Team (FGIR), which investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East.
The report revealed that threat actors had installed numerous web shell servers on the compromised system. In this follow-up, we conducted a deep analysis of one of these web shell servers, named UpdateChecker.aspx, which was deployed on the Microsoft IIS (Internet Information Services) server of the compromised system.
Read more…
Source: Fortinet
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- APT Adversaries Up the Ante on Speed, Target Telecom
February 19, 2019
Despite law-enforcement wins in the form of several high-profile arrests and indictments during 2018, nation-state adversaries have upped their games when it comes to speed. That’s according to CrowdStrike’s 2019 Global Threat Report, which found that when analyzing how long it takes to go from initial compromise to the attacker’s first lateral movement within the network, Russian-speaking APTs (such ...
- North Korea Turns Against New Targets?!
February 19, 2019
Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or another is ...
- Hackers Use Compromised Banks as Starting Points for Phishing Attacks
February 19, 2019
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber attacks describes a so called cross-border domino-effect that can lead to spreading an infection beyond the initial ...
- When Cyberattacks Pack a Physical Punch
February 18, 2019
Physical security goes hand in hand with cyberdefense. What happens when – as we see all too often – the physical side is overlooked? More than one in 10 data breaches now involve “physical actions,” according to a recent report. These include leveraging physical devices to aid an attack, but also hacks that involve breaking into hardware ...
- Cisco’s warning: Patch this default Network Assurance Engine password bug
February 13, 2019
Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks. The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service. NAE is an ...
- New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
February 13, 2019
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. According to Cybereason’s Nocturnus team which discovered the new Astaroth strain, just like previous instalments, the malware uses “legitimate, built-in Windows OS processes to perform malicious activities and deliver a payload without being ...