C-Suite On Deck
SharePoint vulnerability exploited in the wild
AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft SharePoint (CVE-2019-0604). One report, by the Saudi Cyber Security Centre, describes activity that appears to be primarily targeted at organisations within the kingdom. An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web-shell to gain an initial foothold.

AT&T Alien Labs has identified malware that is likely an earlier version of the second-stage malware deployed in the Saudi intrusions. This malware sample was shared by a target in China. The malware receives commands encrypted with AES at http://$SERVER/Temporary_Listen_Addresses/SMSSERVICE and has the ability to:

- Execute commands; and
- Download and upload files.

It's likely that multiple attackers are now using the exploit. One user on Twitter has reported that they have seen exploitation from the IP address 194.36.189[.]177, which we have also seen acting as a command and control server for malware linked to FIN7.
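The two indicators named above, the SMSSERVICE listener path and the reported IP address, can be hunted for in web or proxy logs. The following Python scan is an added example, not part of the original report; it assumes W3C extended-format logs with `c-ip` and `cs-uri-stem` fields, and the sample log lines are constructed for illustration.

```python
# Indicators taken from the article above.
C2_PATH = "/temporary_listen_addresses/smsservice"
REPORTED_IP = "194.36.189[.]177"  # kept defanged, as published

# Constructed sample log (W3C extended format). Addresses other than the
# reported IP are documentation-range placeholders.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2019-05-10 08:01:12 203.0.113.7 GET /sites/team/default.aspx 200
2019-05-10 08:02:40 198.51.100.23 POST /Temporary_Listen_Addresses/SMSSERVICE 200
2019-05-10 08:03:05 194.36.189.177 GET /sites/team/default.aspx 200
2019-05-10 08:04:31 194.36.189.177 POST /temporary_listen_addresses/smsservice/ 200
"""

def refang(value):
    """Turn a defanged indicator such as 194.36.189[.]177 into its plain form."""
    return value.replace("[.]", ".")

def scan_w3c(log_text, path=C2_PATH, ip=REPORTED_IP):
    """Return (line_number, reasons, raw_line) for each matching log entry."""
    ip = refang(ip)
    path = path.lower().rstrip("/")
    fields, hits = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            # Field order can change mid-file, so re-read it at every header.
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        reasons = []
        # Paths are matched case-insensitively, ignoring a trailing slash.
        uri = row.get("cs-uri-stem", "").lower().rstrip("/")
        if uri == path or uri.startswith(path + "/"):
            reasons.append("c2-path")
        if row.get("c-ip") == ip:
            reasons.append("reported-ip")
        if reasons:
            hits.append((lineno, reasons, line))
    return hits

if __name__ == "__main__":
    for lineno, reasons, line in scan_w3c(SAMPLE_LOG):
        print(f"line {lineno}: {'+'.join(reasons)}: {line}")
```

A hit on the path alone is worth triage even when the source address is unfamiliar, since the report notes that multiple attackers are likely using the exploit.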