• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

You are here: Home / General Cyber Security News / Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers
May 12, 2022

Researchers have thorough a beforehand undocumented .NET-primarily based submit-exploitation framework termed IceApple that has been deployed on Microsoft Exchange server instances to aid reconnaissance and data exfiltration.

“Suspected to be the get the job done of a state-nexus adversary, IceApple stays below active enhancement, with 18 modules observed in use throughout a variety of organization environments, as of May 2022,” CrowdStrike reported in a Wednesday report.

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The cybersecurity firm, which uncovered the subtle malware in late 2021, observed its existence in multiple target networks and in geographically distinct areas. Targeted victims span a broad range of sectors, like technology, academic, and govt entities.

A submit-exploitation toolset, as the title implies, is not utilised to give original access, but is alternatively utilized to have out observe-on attacks immediately after getting already compromised the hosts in question.

IceApple is noteworthy for the simple fact that it truly is an in-memory framework, indicating an endeavor on the portion of the threat actor to manage a very low forensic footprint and evade detection, which, in turn, bears all hallmarks of a very long-phrase intelligence-accumulating mission.

Even though intrusions noticed so far have concerned the malware currently being loaded on Microsoft Exchange Servers, IceApple is able of functioning under any Internet Information Services (IIS) web application, producing it a powerful menace.

The various modules that come with the framework equip the malware to list and delete information and directories, create knowledge, steal qualifications, question Energetic Directory, and export delicate knowledge. Establish timestamps on these components day again to Could 2021.

“At its core, IceApple is a put up-exploitation framework concentrated on raising an adversary’s visibility of a concentrate on by means of acquisition of credentials and exfiltration of facts,” the researchers concluded.

“IceApple has been developed by an adversary with detailed expertise of the interior workings of IIS. Guaranteeing all web purposes are frequently and fully patched is critical to stopping IceApple from ending up in your atmosphere.”

Discovered this article fascinating? Abide by THN on Fb, Twitter  and LinkedIn to read much more exceptional content material we put up.


Some elements of this post are sourced from:
thehackernews.com

Previous Post: «cisa urges organizations to patch actively exploited f5 big ip vulnerability CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers
  • CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
  • British Man Charged With Hacking US Bank Computers, Stealing Millions
  • Securing endpoints amid new threats
  • Five Eyes Nations Issue New Supply Chain Security Advisory
  • Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
  • Intel Memory Bug Poses Risk for Hundreds of Products
  • Five Eyes leaders issue guidance for MSPs to prevent second SolarWinds attack
  • Actively Exploited Zero-Day Bug Patched by Microsoft
  • Ransomware Deals Deathblow to 157-year-old College

Copyright © TheCyberSecurity.News, All Rights Reserved.