
Major Southern European business-to-business IT service providers were targeted by a suspected Chinese cyberespionage operation between June and July. The campaign, dubbed Operation Digital Eye, exploited Visual Studio Code Remote Tunnels and Microsoft Azure infrastructure for command-and-control purposes, The Hacker News reports.
Threat actors behind the intrusions, which were averted prior to data exfiltration, initially compromised internet-exposed apps and database servers with SQL injection before proceeding with PHPsert webshell distribution, reconnaissance, credential compromise, lateral movement, and custom Mimikatz injection for pass-the-hash intrusions, according to a joint report from SentinelOne SentinelLabs and Tinexta Cyber. Both VSCode Remote Tunnels and SSH were then tapped to facilitate remote code execution. “The abuse of Visual Studio Code Remote Tunnels in this campaign illustrates how Chinese APT groups often rely on practical, solution-oriented approaches to evade detection. By leveraging a trusted development tool and infrastructure, the threat actors aimed to disguise their malicious activities as legitimate,” said researchers.