Tag: APT
Detecting HAFNIUM Exchange Exploitation Campaign with ReaQta-Hive
Published 1 year ago
A hunting query to identify post-exploitation activities. Customized Detection Strategy (DeStra) to detect future exploitation attempts. On the 11th of March, Microsoft reported an active exploitation campaign of several zero-day vulnerabilities affecting on-premise versions of Microsoft Exchange Servers allegedly from a state-sponsored adversary, HAFNIUM. The attack starts by exploiting vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and …
A dive into MuddyWater APT targeting Middle-East
Published 4 years ago
MuddyWater is a threat actor that caught our attention for their extensive use of “Living off the Land” attacks in a targeted campaign aimed at the Middle East. During our investigation we reconstruct the evolution of the vectors used and how the group operates to target their victims, evade detections and move laterally inside the compromised …