The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities like CVE-2024-30088 for privilege escalation.
The attack chains entail the deployment of a previously undocumented implant that comes with capabilities to exfiltrate credentials through on-premises Microsoft Exchange servers, a tried-and-tested tactic adopted by the adversary in the past.
Collection
[
|
...
]