Posts

Showing posts with the label Brute Force Attacks

The Rising Threat of ToolShell: Unpacking the July 2025 SharePoint Zero-Day Exploits

Anatomy of the ToolShell Exploit Chain

Beginning around July 7, 2025, adversaries exploited a deserialization flaw in SharePoint’s on-premises service (CVE-2025-53770) to upload a malicious spinstall0.aspx payload, triggering code execution within the w3wp.exe process. A secondary path-traversal flaw (CVE-2025-53771) then enabled privilege escalation and lateral movement across corporate networks. Security researchers at Eye Security and Palo Alto Networks’ Unit 42 observed attackers bypassing identity controls – MFA and SSO – to exfiltrate machine keys, deploy persistent backdoors, and chain ransomware operations within hours of initial compromise.

State-Backed Actor Involvement

Microsoft attributes the campaign primarily to Storm-2603, assessed with moderate confidence to be China-based, alongside historically linked groups Linen Typhoon and Violet Typhoon. These actors have a track record of blending cyber-espionage with financially motivated ransomware like Warlock and Lo...

Iranian Cyber Actors Target Critical Infrastructure: A Comprehensive Analysis of Recent Brute Force and Credential Access Campaigns

In a significant warning to critical infrastructure organizations worldwide, several prominent cybersecurity and intelligence agencies, including the FBI, CISA, NSA, CSE, and ACSC, have released a joint advisory addressing the activities of Iranian cyber actors targeting sectors like healthcare, government, information technology, and energy. These cyber campaigns employ brute force tactics and credential access techniques, compromising systems and potentially facilitating further malicious activities across multiple infrastructure sectors.

Overview of the Cyber Threat

The advisory highlights that since October 2023, Iranian cyber actors have deployed brute force techniques, notably password spraying and multi-factor authentication (MFA) ‘push bombing,’ to infiltrate critical organizations. The actors leverage these tactics to gain unauthorized access and persist in these environments by modifying MFA configurations and continuously gathering valuable credentials and network dat...