Windows Event Logs revealed trial-and-error by threat actors in three highly sophisticated cyber incidents, targeting a residential development company, a manufacturing firm, and an enterprise shared services organization between November and December, reports Cyber Security News.
According to a report from Huntress, attackers leveraged vulnerabilities in web applications hosted on Microsoft Internet Information Server to achieve remote command execution and to deploy a Golang-based trojan, agent.exe, along with SparkRAT.
Although the initial intrusion was promptly detected by Windows Defender when the malware download was attempted, in subsequent attempts the attackers added Defender exclusions before injecting their payload. They also repeatedly tested other tools and techniques on the compromised endpoints, eventually learning to issue PowerShell commands that excluded typical malware file extensions before delivering the malware.
Such findings highlight threat actors' persistence amid increasingly robust defensive systems.
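A hunt for the pattern described above (a Defender detection followed minutes later by an exclusion added from PowerShell on the same host), as an added example that is not from the SC Media or Huntress reports. The event records, host names and timestamps are constructed; the event IDs are the real Defender Operational (1116/1117 detection, 5007 configuration change) and PowerShell script block logging (4104) IDs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (hypothetical hosts and times), shaped like
# PowerShell script block logging (4104) and Defender Operational events.
EVENTS = [
    {"t": "2024-11-12T09:00:00", "host": "web01", "id": 1116,
     "msg": "Microsoft Defender Antivirus has detected malware or other potentially unwanted software."},
    {"t": "2024-11-12T09:04:00", "host": "web01", "id": 4104,
     "msg": "Creating Scriptblock text (1 of 1):\nAdd-MpPreference -ExclusionExtension exe,dll,ps1"},
    {"t": "2024-11-12T09:04:01", "host": "web01", "id": 5007,
     "msg": "Microsoft Defender Antivirus Configuration has changed.\n\tNew value: "
            "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Extensions\\exe = 0x0"},
    {"t": "2024-11-12T13:00:00", "host": "build07", "id": 4104,
     "msg": "Creating Scriptblock text (1 of 1):\nAdd-MpPreference -ExclusionPath 'C:\\BuildAgent\\work'"},
]

# An exclusion being added shows up either as the cmdlet in a script block (4104)
# or as the registry key Defender names in its configuration-change event (5007).
CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(Extension|Path|Process)\s+(\S+)", re.I | re.S)
REGKEY = re.compile(r"Windows Defender\\Exclusions\\(Extensions|Paths|Processes)\\([^ =]+)", re.I)
NORMALIZE = {"extensions": "extension", "paths": "path", "processes": "process"}
DETECTIONS = {1116, 1117}          # Defender "malware detected" / "action taken"
WINDOW = timedelta(minutes=30)     # how soon after a block an exclusion counts as a retry

def exclusion_events(events):
    """Yield (event, kind, value) for every event that adds a Defender exclusion."""
    for e in events:
        if e["id"] == 4104:
            m = CMDLET.search(e["msg"])
        elif e["id"] == 5007:
            m = REGKEY.search(e["msg"])
        else:
            continue
        if m:
            kind = m.group(1).lower()
            yield e, NORMALIZE.get(kind, kind), m.group(2).strip("'\"")

def hunt(events):
    """Return findings; an exclusion added shortly after a detection on the same host is escalated."""
    detections = [e for e in events if e["id"] in DETECTIONS]
    findings = []
    for e, kind, value in exclusion_events(events):
        t = datetime.fromisoformat(e["t"])
        retry = any(d["host"] == e["host"]
                    and timedelta(0) <= t - datetime.fromisoformat(d["t"]) <= WINDOW
                    for d in detections)
        findings.append({"host": e["host"], "event_id": e["id"], "kind": kind,
                         "value": value, "severity": "high" if retry else "medium"})
    return findings

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Any exclusion change is worth a look; the "high" severity isolates the retry-after-block sequence the incidents above exhibited.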
Trial-and-error in advanced cyberattacks uncovered