Tag-100 Hacker Group Exploiting Citrix NetScaler & F5 BIG-IP Vulnerabilities
- Source: Vulnerability (cybersecuritynews.com)
Author: Raga Varshini
A new threat actor, TAG-100, has emerged and is actively targeting government and private-sector organizations worldwide. It initiates its attacks by exploiting vulnerabilities in internet-facing devices such as Citrix NetScaler and F5 BIG-IP to gain initial access to victim networks.
It leverages open-source remote access tools to automate and streamline this initial compromise stage.
Once inside a target network, TAG-100 establishes persistence within the compromised system by deploying open-source Go backdoors like Pantegana and SparkRAT.
The persistence mechanism enables TAG-100 to maintain long-term access to the compromised system and conduct further exploitation activities, such as lateral movement, data exfiltration, or credential theft.
TAG-100’s attack chain is a prime example of a strategy that combines the utilization of easily accessible open-source tools with the exploitation of vulnerabilities that have only recently been disclosed.
Leveraging Open-Source Tools
TAG-100's opportunistic exploitation of recently disclosed vulnerabilities shows how rapidly the group adapts its tactics to the evolving threat landscape: by targeting vulnerable systems before security patches are widely deployed, it maximizes the window of opportunity for a successful attack.
The use of open-source tools throughout various stages of the attack cycle offers them several advantages, as open-source tools are freely available and widely documented, making them easy to obtain and integrate into existing toolsets.
Additionally, the ubiquity of open-source tools can obfuscate malicious activity, as network traffic generated during these attacks may appear legitimate on the surface, which can make it more difficult for security defenders to detect and isolate malicious activity within a network.
TAG-100’s reliance on open-source tools also presents potential weaknesses.
The open nature of these tools means that security researchers and defenders are also familiar with their capabilities, making it easier to identify and disrupt attacks that leverage these tools.
The open-source community constantly develops and updates these tools, which may introduce vulnerabilities that security researchers can exploit to disrupt or disable malware that relies on them.
Broadcom identified the threats using a combination of signature-based and behavioral analysis. Trojan malware, detected as Trojan.Gen.MBT and Trojan.Gen.NPE, was found on the system.
The system flagged suspicious network activity, including attempts to connect to malicious domains or IPs, which were identified through a combination of file-based analysis, network traffic monitoring, and web filtering.
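The network-monitoring step described above, matching outbound connections against known-bad domains and IPs, can be shown with a small log-scanning script. This is an added example and not code from the article, from Broadcom, or from any TAG-100 report; the log line format, the indicator list (drawn from the reserved documentation ranges and example domains, not real IoCs) and the list of perimeter appliances are all constructed here for illustration. It also adds a second check the article does not describe: an alert when a perimeter appliance such as a NetScaler or BIG-IP, which should normally never originate outbound sessions, starts one.

```python
"""Flag outbound connections to blocklisted indicators (added example).

The log format, indicators and appliance list below are constructed for
this example. In practice the indicators would come from a threat-intel
feed and the log lines from a firewall or proxy.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed indicator list (placeholders from reserved ranges, not real IoCs).
MALICIOUS_IPS = {"203.0.113.45"}                                 # TEST-NET-3
MALICIOUS_DOMAINS = {"c2.example.net"}                           # reserved domain
MALICIOUS_NETS = [ipaddress.ip_network("198.51.100.0/24")]       # TEST-NET-2

# Constructed: addresses of perimeter appliances that should never open
# outbound sessions on their own (e.g. a NetScaler or BIG-IP management IP).
PERIMETER_APPLIANCES = {"192.0.2.10"}                            # TEST-NET-1

# Constructed log format: "<ts> src=<ip> dst=<ip|host> dport=<port> action=<allow|deny>"
LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reasons: List[str] = field(default_factory=list)


def is_indicator(dst: str) -> Optional[str]:
    """Return a reason string if dst is a blocklisted domain, subdomain, IP or range."""
    if dst in MALICIOUS_DOMAINS:
        return "domain on blocklist"
    if any(dst.endswith("." + d) for d in MALICIOUS_DOMAINS):
        return "subdomain of blocklisted domain"
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return None  # a hostname that is not on the list
    if str(ip) in MALICIOUS_IPS:
        return "IP on blocklist"
    for net in MALICIOUS_NETS:
        if ip in net:
            return f"IP in blocklisted range {net}"
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Parse each log line and collect alerts; malformed lines are skipped."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        reasons = []
        reason = is_indicator(m["dst"])
        if reason:
            reasons.append(reason)
        if m["src"] in PERIMETER_APPLIANCES:
            reasons.append("perimeter appliance initiating outbound session")
        if reasons:
            alerts.append(Alert(m["ts"], m["src"], m["dst"], reasons))
    return alerts


# Constructed sample log lines (denied connections are kept: a blocked
# beacon attempt is still evidence of a compromised host).
SAMPLE_LOG = [
    "2024-07-10T12:00:01Z src=10.0.0.5 dst=203.0.113.45 dport=443 action=allow",
    "2024-07-10T12:00:02Z src=10.0.0.6 dst=updates.example.com dport=443 action=allow",
    "2024-07-10T12:00:03Z src=10.0.0.7 dst=beacon.c2.example.net dport=8443 action=deny",
    "2024-07-10T12:00:04Z src=192.0.2.10 dst=198.51.100.77 dport=80 action=allow",
    "malformed line",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst}: {'; '.join(a.reasons)}")
```

Matching on the destination alone is the weak form of this control, because, as the article notes, traffic from open-source tooling often looks legitimate. The appliance-egress rule is the more durable signal: it does not depend on knowing the attacker's infrastructure in advance.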