Source |
CSO |
Identifier |
4664337 |
Publication date |
2022-05-11 11:22:00 (viewed: 2022-05-17 11:05:09) |
Title |
Threat hunters expose novel IceApple attack framework |
Text |
A novel post-exploitation framework that allows the activity of its malicious actors to persist on their targets was exposed Wednesday by CrowdStrike's Falcon OverWatch threat hunters. Dubbed IceApple, the .NET-based framework has been observed since late 2021 in multiple victim environments in geographically diverse locations with targets spanning the technology, academic and government sectors, according to CrowdStrike's report. Up to now, Falcon OverWatch's threat hunters have found the framework only on Microsoft Exchange instances, but they said it's capable of running under any Internet Information Services (IIS) web application and advise organizations to make sure their web apps are fully patched to avoid infection. |
Sent |
Yes |
Tags |
Threat
|