A "persistent attacker group" with supposed connections to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into organizations worldwide and extract significant data. In another report published by the ClearSky research group on Thursday, the Israeli cybersecurity firm said it recognized at least 250 public-facing web servers since early 2020 that have been hacked by the threat actors to gather intelligence and take the organization's databases. The coordinated intrusions hit a ton of organizations situated in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and facilitating and infrastructure service providers (Secured Servers LLC, iomart).
First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to infiltrate an enormous number of targets utilizing different assault procedures, including a custom-made malware implant codenamed Explosive. Lebanese Cedar has been recently associated with Lebanese roots — explicitly Hezbollah's cyber unit — regarding a cyber espionage campaign in 2015 that focused on military providers, telecom organizations, media outlets, and universities.
The Lebanese Cedar hackers utilized open-source hacking tools to check the web for unpatched Atlassian and Oracle servers, at that point they utilized exploits to access the server and send a web shell to acquire traction in the target system.
The assailants utilized basic 1-day vulnerabilities dependent on the vulnerable versions of the services in the undermined servers. Utilizing the three flaws in the servers (CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152) as an attack vector to acquire underlying traction, the assailants at that point infused a web shell and a J ..
Support the originator by clicking the read the rest link below.
