Cyber Spy Group Uses IIS Web Software to Hack Targets
Security researchers have found that the hacking group called Cranefly is deploying new techniques that leverage logs from Internet Information Services (IIS), Microsoft’s extensible web server software, to open backdoors to its hacking targets.
Cranefly uses commands from legitimate IIS logs to connect and communicate with custom tools and to hide traces of its hacking activity on the victim machines.
This highly effective hacking group has used the technique in intelligence-gathering campaigns.
Security researchers at Symantec, part of Broadcom, have researched the tactic, which uses a previously unidentified Trojan, dubbed Geppei. The hacking method is used to install backdoors and other custom tools on Storage Area Networks (SAN), load balancers, and wireless access point controllers.
The research found that the access point controllers targeted by Cranefly lacked appropriate security tools.
The technique has not been observed before now, and researchers called it a clever way for the attacker to deploy commands. Another threat actor typically focusing on intelligence gathering is Polonium, which was recently seen by ESET using seven different backdoor variants to spy on Israeli organisations.