The attacker has been identified leveraging a number of POC, proof-of-concept, exploit code, shells, and other various tools from open source. These actions are primarily through the use of remote code execution vulnerabilities in unpatched versions of Telerik UI and other Microsoft IIS and Citrix vulnerabilities.
The attacker has shown the capability to find and quickly leverage exploitable public vulnerabilities and regularly conducts reconnaissance of target networks looking for vulnerable services. The attacker might potentially maintain a list of public-facing services to quickly locating the vulnerable services after future vulnerability releases.
How Is The Attack Happening
- links to credential harvesting websites
- emails with links to malicious files, or with the malicious file directly attached
- links prompting users to grant Office 365 OAuth tokens to the actor
- use of email tracking services to identify the email opening and lure click-through events.
Sprint Networks has an experienced team with comprehensive solutions to support your evolving security requirements. We have a strong partnership with leading technology providers to secure and maintain your security today and into the future.
Sprint Networks is offering Managed Email and DNS Security to strengthen your security defences with better control over all aspects of inbound, outbound emails, and suspicious traffic. To avoid becoming a victim in this attack, relying on people to keep your business safe should not be part of your options.
We are providing cloud -based Email Security solution filters all malicious email before it even hits your network components. Even though your employment received the malformed web address from other sources, we will block the requests before it even sends out from your network. The attacker will not be able to get any responses from the victims.