A Chinese state-backed cyberespionage operation gained initial access to the network of a U.S.-based global aerospace engineering company by exploiting one of three unmanaged, internet-exposed IBM AIX servers that still used default Apache Axis admin credentials, reports The Register.
The compromised AIX server was incompatible with the firm's current security tools, and the March intrusion gave the attackers four months of malicious activity, including injection of the AxisInvoker web shell for remote control of the box, harvesting of Kerberos data, uploading of SSH keys, and exfiltration of network configuration data, according to a report from Binary Defense.
The attackers also deployed more web shells and Cobalt Strike, then turned to the firm's Microsoft Windows environment with NTLM relay attacks before Binary Defense's threat detection tools eventually blocked them, the report said. "And immediately after we had removed them from the environment, another attack set off, which we attributed to the same group trying to get back in through other means," noted Binary Defense Director of Security Research John Dwyer.