Security News > 2021 > January > Hezbollah hackers attack unpatched Atlassian servers at telcos, ISPs
Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations.
Using common web shell utilities as the main hacking tool and rarely relying on other tools, which hindered attribution.
ClearSky warns that the Oracle servers accessed by Lebanese Cedar are still open and are easy targets for other hackers looking to attack the networks of multiple telecom providers or gain access to the files available.
The researchers say that Lebanese Cedar combines open-source tools with custom ones, their current toolset including a full blown web shell, a custom RAT, and "Carefully selected complementary tools, including URI brute force tools."
The clever selection of tools, tactics, and attack vectors allows them to pass unnoticed.
The company's report provides complete technical details about the attacks investigated and indicators of compromise that include some of the original servers used by the hackers.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)