The intrusions could have enabled the adversaries to establish strategic footholds and compromise downstream entities, highlighting the serious risks posed by this cyber espionage group.
The threat actors abused Visual Studio Code and Microsoft Azure infrastructure for C2 [command-and-control] purposes, attempting to evade detection by making malicious activities appear legitimate.
Central to Operation Digital Eye is the weaponization of Microsoft Visual Studio Code Remote Tunnels for C2, allowing attackers to execute arbitrary commands and manipulate files.
The use of SQL injection as an initial access vector to breach internet-facing applications shows the sophistication of the attackers in leveraging legitimate tools for malicious purposes.
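As an added example that is not part of the article or the underlying report, the triage routine below runs over constructed endpoint telemetry and surfaces the pattern described above: a VS Code tunnel started on a server rather than a developer workstation. The tunnel DNS suffix, the command-line shape, the allowlisted hosts and the parent-process list are assumptions to be checked against your own telemetry.

```python
import re

# Constructed sample telemetry (not from the report): process-creation and DNS
# events as a SIEM might export them. "web-01" is an internet-facing server
# that should never run a developer tunnel; "dev-laptop-7" is a workstation
# where an interactive tunnel is expected.
SAMPLE_EVENTS = [
    {"type": "process", "host": "web-01", "parent": "w3wp.exe",
     "cmdline": r'"C:\Temp\code.exe" tunnel --accept-server-license-terms --name srv'},
    {"type": "dns", "host": "web-01", "query": "global.rel.tunnels.api.visualstudio.com"},
    {"type": "process", "host": "dev-laptop-7", "parent": "explorer.exe",
     "cmdline": r'"C:\Program Files\Microsoft VS Code\Code.exe" tunnel --name laptop'},
    {"type": "process", "host": "web-01", "parent": "services.exe",
     "cmdline": r'"C:\Windows\System32\svchost.exe" -k netsvcs'},
]

# Assumptions: hosts where a developer tunnel is legitimate, the DNS suffix the
# tunnel service resolves, and parent processes that indicate a server context.
TUNNEL_HOST_ALLOWLIST = {"dev-laptop-7"}
TUNNEL_DNS_SUFFIX = ".tunnels.api.visualstudio.com"
SERVER_PARENTS = {"w3wp.exe", "httpd", "nginx", "java.exe"}
# Matches "code tunnel ..." or "code.exe" tunnel ..." regardless of install path.
TUNNEL_CMD = re.compile(r'code(?:\.exe)?"?\s+tunnel\b', re.IGNORECASE)


def classify(event):
    """Return (severity, reason) for one event, or None if nothing stands out."""
    host = event["host"]
    trusted = host in TUNNEL_HOST_ALLOWLIST
    if event["type"] == "process" and TUNNEL_CMD.search(event["cmdline"]):
        # Tunnel launched from a web-server worker or on a non-developer host:
        # the unattended, server-side use the report attributes to the actors.
        if not trusted or event["parent"].lower() in SERVER_PARENTS:
            return ("high", f"{host}: VS Code tunnel started under {event['parent']}")
        return ("info", f"{host}: developer tunnel on allowlisted host")
    if event["type"] == "dns" and event["query"].endswith(TUNNEL_DNS_SUFFIX):
        # The lookup alone is weak evidence; it only matters off the allowlist.
        if not trusted:
            return ("medium", f"{host}: tunnel-service DNS lookup from non-developer host")
    return None


def triage(events):
    """Return all alerts for a batch of events, highest severity first."""
    alerts = [a for a in (classify(e) for e in events) if a]
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(alerts, key=lambda a: order[a[0]])
```

Correlating the high-severity process alert with the DNS alert from the same host is what turns a single noisy signal into a case worth opening.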