20.08.2025., 21:15   #367
tomek@vz
White Rabbit
Join date: May 2006
Location: -
Posts: 5,533
Quote:
Originally posted by kopija
There, you've summoned Bubba, NOW CALL YOUR SENATOR!
The thread can be locked.
The forum's on-duty Cinober has chimed in (not Bubba)

Anyway, back to this thread's regular programming:


Quote:
Red Canary specialists have discovered an unusual campaign using the new DripDropper malware, targeting Linux cloud servers. The attackers gained access via the CVE-2023-46604 vulnerability in Apache ActiveMQ, then gained a foothold in the system and installed a patch to close the very hole they had entered through.
This paradoxical move allowed them not only to cover their tracks, but also to block access to competitors, leaving the infected server under their complete control.
Analysts recorded the execution of reconnaissance commands on dozens of vulnerable hosts. On some of them, the attackers deployed remote control tools, from Sliver to Cloudflare tunnels, providing long-term secret communication with C2 servers. In one incident, they modified sshd settings, including root access, and launched the DripDropper downloader.
> redHotCyber