Hackers from China are using never-before-seen tactics in order to launch attacks

The newly discovered Chinese nation-state actor known as Volt Typhoon has been active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.

A closer examination of the Tomcat access logs unearthed several HTTP POST requests to /html/promotion/selfsdp.jspx, a web shell camouflaged as the legitimate identity security solution in order to sidestep detection.

The web shell is believed to have been deployed nearly six months before the aforementioned hands-on-keyboard activity, indicative of extensive prior recon of the target network.

The trojanized version of Tomcat's websocket.jar is fitted with three new Java classes named A, B, and C, with class A functioning as another web shell capable of receiving and executing Base64-encoded, AES-encrypted commands.
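The access-log review described above can be turned into a repeatable check. The following is an added example, not code from the original article or from any vendor report: it parses Tomcat's default access-log pattern (`%h %l %u %t "%r" %s %b`), flags POST requests to the path quoted above, and as a weaker heuristic flags POSTs to any other .jsp/.jspx resource for review. The log lines are constructed for illustration; the second rule will need tuning against the paths a real application legitimately POSTs to.

```python
import re
from collections import defaultdict

# Constructed sample lines in Tomcat's default AccessLogValve "common"
# pattern (%h %l %u %t "%r" %s %b). Addresses and timestamps are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2023:09:14:02 +0000] "GET /html/index.html HTTP/1.1" 200 5123
203.0.113.9 - - [12/Jun/2023:09:15:40 +0000] "POST /html/promotion/selfsdp.jspx HTTP/1.1" 200 412
10.0.0.7 - - [12/Jun/2023:09:16:01 +0000] "POST /api/login HTTP/1.1" 302 0
203.0.113.9 - - [12/Jun/2023:09:17:22 +0000] "POST /html/promotion/selfsdp.jspx HTTP/1.1" 200 1987
198.51.100.4 - - [12/Jun/2023:10:02:13 +0000] "POST /images/cache/upd.jspx HTTP/1.1" 200 77
"""

# Web shell path quoted in the reporting on this intrusion.
KNOWN_WEBSHELL_PATHS = {"/html/promotion/selfsdp.jspx"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

def parse_line(line):
    """Return the fields of a well-formed access-log line, else None."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_suspicious(entry):
    """Return a reason string if the request warrants review, else None.
    Exact match on a known web shell path is high confidence; a POST to
    any other JSP resource is only a hint and needs per-app tuning."""
    if entry["method"] != "POST":
        return None
    path = entry["path"].split("?", 1)[0].lower()
    if path in KNOWN_WEBSHELL_PATHS:
        return "known web shell path"
    if path.endswith((".jsp", ".jspx")):
        return "POST to JSP resource"
    return None

def scan(log_text):
    """Group suspicious requests by (client IP, path) with count and time span."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "reason": None})
    for line in log_text.splitlines():
        entry = parse_line(line)
        reason = is_suspicious(entry) if entry else None
        if not reason:
            continue
        h = hits[(entry["ip"], entry["path"])]
        h["count"] += 1
        h["first"] = h["first"] or entry["ts"]
        h["last"] = entry["ts"]
        h["reason"] = reason
    return dict(hits)
```

Feeding a real access log into `scan()` gives a per-source summary that can be pivoted into the hands-on-keyboard window the article mentions; repeated POSTs from one external address to a single JSP file is the pattern to look for.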
