Cyber Spy Group Uses IIS Web Software to Hack Targets

Security researchers have found that the hacking group called Cranefly is deploying a new technique that leverages the logs of Internet Information Services (IIS), Microsoft’s extensible web server software, to open backdoors into its targets.

Cranefly reads commands from legitimate IIS logs to connect to and communicate with its custom tools, and to hide traces of its activity on victim machines.

This highly effective hacking group has used the technique in intelligence-gathering campaigns.

Security researchers at Symantec, part of Broadcom, have researched the tactic, which uses a previously unidentified Trojan, dubbed Geppei. The hacking method is used to install backdoors and other custom tools on Storage Area Networks (SAN), load balancers, and wireless access point controllers.

The research found that the access point controllers targeted by Cranefly lacked appropriate security tools.

The technique has not been observed before now, and researchers called it a clever way for the attacker to deploy commands. Another threat actor typically focusing on intelligence gathering is Polonium, which was recently seen by ESET using seven different backdoor variants to spy on Israeli organisations.

Sources: Oodaloop, NewsNow, Dark Reading, Infosecurity Magazine, BankInfoSecurity, Flipboard
