Security News > 2023 > June > State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
2023-06-19 09:33

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques.

The company's Cortex Threat Research team is tracking the activity under the temporary name CL-STA-0043, describing it as a "True advanced persistent threat."

The infection chain is triggered by the exploitation of vulnerable on-premises Internet Information Services and Microsoft Exchange serves to infiltrate target networks.

Palo Alto Networks said it detected failed attempts to execute the China Chopper web shell in one of the attacks, prompting the adversary to shift tactics and leverage an in-memory Visual Basic Script implant from the Exchange Server.

A successful break-in is followed by reconnaissance activity to map out the network and single out critical servers that hold data of value, including domain controllers, web servers, Exchange servers, FTP servers, and SQL databases.

Besides using Mimikatz for credential theft, the threat actor's modus operandi stands out for utilizing other novel methods to steal passwords, conduct lateral movement, and exfiltrate sensitive data, such as -.


News URL

https://thehackernews.com/2023/06/state-backed-hackers-employ-advanced.html