Dozens of organizations have already been infiltrated by the Chinese cyberespionage operation Ink Dragon, which has moved to include European government networks among its targets after initially compromising telecommunications and government entities in Asia and Africa, according to The Register.

After achieving initial access via misconfigured Microsoft IIS and SharePoint servers, Ink Dragon proceeded to gather credentials and exploit existing accounts for further compromise before deploying its updated FinalDraft backdoor, which allows data exfiltration during business hours, a report from Check Point Research showed. Impacted infrastructure is later leveraged to facilitate the delivery of custom IIS-based modules on public-facing servers.

"These servers forward commands and data between different victims, creating a communication mesh that hides the true origin of the attack traffic," said researchers. Similar exploitation of IIS weaknesses to breach government networks has been observed from the China-linked cyberespionage gang RudePanda.



