Recherche : [lateral-movement]

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/

01/05/2025 13:31:03

ESET researchers publish an analysis of Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks.<<

We discovered a malicious downloader being deployed, by legitimate Chinese software update mechanisms, onto victims’ machines.
The downloader seeks to deploy a modular backdoor that we have named WizardNet.
We analyzed Spellbinder: the tool the attackers use to conduct local adversary-in-the-middle attacks and to redirect traffic to an attacker-controlled server to deliver the group’s signature backdoor WizardNet.
We provide details abouts links between TheWizards and the Chinese company Dianke Network Security Technology, also known as UPSEC.

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples https://unit42.paloaltonetworks.com/unique-popular-techniques-lateral-movement-macos/

05/12/2024 16:44:03

We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.

Liens par page

Filtres