Cyber Spy Group Uses IIS Web Software to Hack Targets

Security researchers have found that the hacking group called Cranefly is deploying new techniques that leverage logs from Internet Information Services (IIS), Microsoft’s extensible web server software, to open backdoors to their hacking targets.

Cranefly uses commands from legitimate IIS logs to connect and communicate with custom tools and to hide traces of its hacking activity on the victim machines. 

This highly effective hacking group has used the technique in intelligence-gathering campaigns.

Security researchers at Symantec, part of Broadcom, have researched the tactic, which uses a previously unidentified Trojan, dubbed Geppei. The hacking method is used to install backdoors and other custom tools on Storage Area Networks (SAN), load balancers, and wireless access point controllers.

The research found that the access point controllers targeted by Cranefly lacked appropriate security tools.

The technique has not been observed before now, and researchers called it a clever way for the attacker to deploy commands. Another threat actor typically focusing on intelligence gathering is Polonium, which was recently seen by ESET using seven different backdoor variants to spy on Israeli organisations.

Sources: Oodaloop, NewsNow, Dark Reading, Infosecurity Magazine, BankInfoSecurity, Flipboard
