How hackers bypass the protection of large companies
Researchers have once again detected the activities of a cyber organization associated with the event scheduled for the end of the year.
In [Year] [Month], attackers breached multiple [Server] servers to gain access to the infrastructure of a large North American company. Due to the similar tools and tactics used, experts have linked these attacks to [Attacker Group].
The activity was first noticed in [year] [month] when hackers were collecting data from online payments. Since then, there has been almost no news about them. According to [source], cybercriminals are now targeting companies that develop and support payment systems and gateways.
To attack the server, the attacker exploited vulnerabilities in a popular platform. Specifically, two vulnerabilities were used, -- and --, which allowed remote code execution and file download. Both of these vulnerabilities are listed in the catalog of known exploited vulnerabilities.
After gaining access, the attackers deployed tooling and established persistent connections through tunnels and reverse proxies (such as and ). They then used tools to escalate privileges via scripts.
The attackers actively employ a mix of . and ++ assembly, which makes analysis of their code difficult. This conceals malicious functionality and helps evade security controls. Additionally, packed scripts are used to steal data, allowing them to masquerade as legitimate executables.
The primary attack method involves installing a reverse shell and using legitimate utilities to execute malicious commands. For instance, the attackers use "." to download and execute malicious files, followed by running a script.
The similarity of the strategies and tools used confirms the connection between this activity and the targeting of payment systems that BlackBerry described previously. However, the attackers are now employing new data collection methods: instead of injecting code into pages, they use scripts to connect to databases and upload data to.
Experts recommend promptly updating vulnerable software versions, using advanced security tools (such as and ), and using cloud services (including advanced filtering and advanced security).