Summary: Hunt researchers have detected a sophisticated cyber intrusion campaign focusing on South Korean organizations, utilizing modified Cobalt Strike tools and various open-source exploitation tools. The attackers leveraged a publicly exposed web server to distribute their malware and gather intelligence on over 1,000 Korean domains, targeting government and commercial entities. Recommendations for organizations include enhancing security measures against SQL injection and monitoring unusual network activities.
Affected: South Korean organizations, including government agencies and private businesses
Keypoints :
- Attackers used a Rust-compiled loader to deliver a modified version of the Cobalt Strike penetration testing tool.
- The campaign involved several open-source tools like SQLMap, dirsearch, and Web-SurvivalScan to exploit web vulnerabilities.
- Security measures should be enforced against SQL injection vulnerabilities, and organizations are advised to monitor unusual network traffic and HTTP requests.