News

Msiexec Impersonation - Exploit Leads to Data Exfiltration

  • 7 June 2022
  • 0 replies
  • 16 views
Msiexec Impersonation - Exploit Leads to Data Exfiltration
Userlevel 5
Badge +3
  • Community Manager
  • 24 replies

In this multi-day intrusion, The DFIR Report observed a threat actor gain initial access to an organization by exploiting a vulnerability in ManageEngine SupportCenter Plus.
The threat actor, discovered files on the server and dumped credentials using a web shell, moved laterally to key servers using Plink and RDP and exfiltrated sensitive information using the web shell and RDP.

The FBI and CISA published an advisory noting that APT attackers were using CVE-2021-44077 to gain initial access to the networks of organizations of Critical Infrastructure Sectors such as healthcare, financial, electronics and IT consulting industries.


0 replies

Be the first to reply!

Reply