Source: https://thehackernews.com/2022/06/chine ... ophos.html
In a highly-targeted attack, a sophisticated Chinese Advanced Persistent Threat (APT) actor used a serious security flaw in Sophos' firewall product that was discovered earlier this year to breach an undisclosed South Asian target. The attacker set up an intriguing web shell backdoor, created a secondary kind of persistence, and then began attacks against the customer's workforce. These attacks sought to compromise the organization's public-facing websites located on cloud-based web servers.
Early indications of exploitation of the problem, according to Volexity, began on March 5, 2022, when it identified aberrant network activity emanating from an undisclosed customer's Sophos Firewall running the then-current version, nearly three weeks before the vulnerability was publicly disclosed. The attacker was attempting man-in-the-middle (MitM) attacks by gaining access to the firewall. The attacker exploited the information gathered from these MitM attacks to infiltrate other systems outside of the network where the firewall was located. It's worth noting that Chinese APT groups used the Behinder web shell in a different wave of incursions earlier this month, leveraging a zero-day hole in Atlassian Confluence Server installations (CVE-2022-26134).
The attacker used the access to session cookies to take control of the WordPress site and install a second web shell called IceScorpion, which he used to install three open-source implants on the web server, including PupyRAT, Pantegana, and Sliver. They can build or buy zero-day exploits to accomplish their objectives, putting the odds in their favor when it comes to getting access to target networks. Attackers used the flaw to install malicious files on the device, then took extra measures to cause it to halt and restart several services.
Note: For the full article, please visit the above-attached link.
(THE QUESTION IS THE FOLLOWING)
- What recommendations may you provide to the victims mentioned in this case study to improve their security policies? List down four recommendations. (FOUR RECOMMENDATIONS PLEASE)