Cyber Spy Group Uses IIS Web Software to Hack Targets

Security researchers have found that the hacking group called Cranefly is deploying new techniques that leverage Internet Information Services (IIS) logs, which is Microsoft’s extensible web server software, to open backdoors to their hacking targets.

Cranefly uses commands from legitimate IIS logs to connect and communicate with custom tools and to hide traces of its hacking activity on the victim machines. 

This technique has been used in intelligence gathering campaigns, which have been perpetrated by this highly effective hacking group.

Security researchers at Symantec, part of Broadcom, have researched the tactic, which uses a previously unidentified Trojan, dubbed Geppei. The hacking method is used to install backdoors and other custom tools on Storage Area Networks (SAN), load balancers, and wireless access point controllers.

The research found that the access point controllers targeted by Cranefly lacked appropriate security tools.

The technique has not been observed before now, and researchers called it a clever way for the attacker to deploy commands. Another threat actor typically focusing on intelligence gathering is Polonium, which was recently seen by ESET using seven different backdoor variants to spy on Israeli organisations.

Oodaloop:        NewsNow:    Dark Reading:    Infosecurity Magazine:    bBankInfoSecurity:    flipboard: 

You Might Also Read: 

Detecting & Mitigating Cyber Attacks:

 

« A Snapshot Of Cyber Security In Britain
Wanted - A New Generation Of Cyber Security Leaders »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Halon

Halon

Halon is a flexible security and operations platform for in-transit email.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

PA Consulting

PA Consulting

PA Consulting Group is a consultancy that specialises in strategy, technology and innovation. Our cyber security experts work with you to spot digital and technology security risks and reduce them.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.

Threatsys Technologies

Threatsys Technologies

Threatsys’s Integrated cyber security process helps your organizations to ensure that it’s secure from any fraudulent attacks.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.

tmc3

tmc3

tmc3 is an award-winning, people-centric consultancy that is transforming cyber security from an overhead into an organisational enabler.