International Committee of the Red Cross (ICRC) put out the below press release in mid-Feb of 2022. An APT group had been in their systems for a while. The initial compromise appears to be cve-2021-40539 which is a flaw in a web authentication module. APT27 is known to exploit this CVE and use the webshells in question.
https://www.icrc.org/en/document/cyber-attack-icrc-what-we-know
Earlier in 2022, the German government warned of APT-27 hackers backdooring business networks, using the HyperBro remote access trojans (RAT) to backdoor into their networks.
No comments:
Post a Comment