Cyber Spy Group Uses IIS Web Software to Hack Targets

Uploaded on 2022-11-08 in FREE TO VIEW, TECHNOLOGY--Hackers

Security researchers have found that the hacking group called Cranefly is deploying new techniques that leverage Internet Information Services (IIS) logs, which is Microsoft’s extensible web server software, to open backdoors to their hacking targets.

Cranefly uses commands from legitimate IIS logs to connect and communicate with custom tools and to hide traces of its hacking activity on the victim machines.

This technique has been used in intelligence gathering campaigns, which have been perpetrated by this highly effective hacking group.

Security researchers at Symantec, part of Broadcom, have researched the tactic, which uses a previously unidentified Trojan, dubbed Geppei. The hacking method is used to install backdoors and other custom tools on Storage Area Networks (SAN), load balancers, and wireless access point controllers.

The research found that the access point controllers targeted by Cranefly lacked appropriate security tools.

The technique has not been observed before now, and researchers called it a clever way for the attacker to deploy commands. Another threat actor typically focusing on intelligence gathering is Polonium, which was recently seen by ESET using seven different backdoor variants to spy on Israeli organisations.

Oodaloop: NewsNow: Dark Reading: Infosecurity Magazine: bBankInfoSecurity: flipboard:

You Might Also Read:

Detecting & Mitigating Cyber Attacks:

« A Snapshot Of Cyber Security In Britain

Wanted - A New Generation Of Cyber Security Leaders »

CyberSecurity Jobsite

Perimeter 81

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SecPoint

SecPoint provides products to secure & protect your network from remote and local attacks.

Kernelios

Kernelios is a simulator-based training center and an incubator for cyber experts worldwide.

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

CSIRT-CY

CSIRT-CY is the National Computer Security Incident Response Team for Cyprus.

CYE

Utilizing data, numbers, and facts, CYE helps security leaders know what business assets are at risk and execute cost-effective remediation projects for optimal risk prevention.

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.