Haunted — Blue Team Labs Online Write-up

A cyber attack on Haunted Company Inc. has raised significant concerns just before its IPO. The company is investigating the breach and working with analysts to identify the threat actor and assess the damage. The attack involved the defacement of a website and the exploitation of vulnerabilities on the company's Tokyo server.

Key points:

  • Haunted Company Inc. is a Credit Reporting Agency planning to go public.
  • Just before the IPO, one of their websites was defaced, indicating a potential cyber attack.
  • The Tokyo server was specifically targeted, raising concerns about the company’s reputation.
  • Threat Intelligence Analysts are collaborating to uncover the identity of the adversary.
  • Previous breaches in the industry provide context for the current threat landscape.
  • The investigation revealed the use of social engineering and webshells in the attack.
  • Key vulnerabilities exploited include Remote Code Execution (RCE) and SQL Injection.
  • The threat group responsible is linked to financial motivations and espionage.

MITRE Techniques:

  • T1071 – Application Layer Protocol: Exploited to communicate with compromised servers.
  • T1203 – Exploitation for Client Execution: Used social engineering to trick users into executing malicious files.
  • T1059 – Command and Scripting Interpreter: Utilized to execute commands via the webshell.
  • T1190 – Exploit Public-Facing Application: Targeted vulnerabilities in public-facing applications.
  • T1210 – Exploitation of Remote Services: Leveraged RCE vulnerabilities for server access.

Indicators of Compromise:

  • [domain] haunted.io
  • [file name] dp4.jpeg
  • [file name] password.zip
  • [file name] Tokyo_IOC.zip
  • [CVE] CVE-2023-50164
  • See the full article for all IoCs found.


Full Research: https://infosecwriteups.com/haunted-blue-team-labs-online-write-up-00eb3fb9fd77?source=rss----7b722bfd1b8d---4