China-linked hackers exploit Microsoft Exchange in Azerbaijani energy firm attacks.

A group of China-linked hackers, known as FamousSparrow, launched a sustained cyberattack on an Azerbaijani oil and gas company, exploiting Microsoft Exchange vulnerabilities in a multi-wave intrusion that spanned three months. The attackers used the ProxyNotShell exploit to gain and maintain access to…

https://osintsights.com/china-linked-hackers-exploit-microsoft-exchange-in-azerbaijani-energy-firm-attac?utm_source=mastodon&utm_medium=social

#ChinalinkedHackers #MicrosoftExchange #Proxynotshell #Famoussparrow #EarthEstries

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Trend Micro
Breaking Down Earth Estries Persistent TTPs in Prolonged Cyber Operations

Discover how Earth Estries employs diverse tactics, techniques, and tools, including malware such as Zingdoor and Snappybee, for its campaigns.

Trend Micro

Good day to everyone, I hope that everyone is safe today! Researchers from Trend Micro provide intel on a group that they named #EarthEstries. They witnessed a cyberespionage campaign that targeted governments and technology industries around the world! Once they gained access, they installed #CobaltStrike on the victim's system, used backdoors for repeated access, and then collected PDFs and DDF files. They provide in-depth technical details on the other tools that were used on top of all the useful information in this article. Enjoy and Happy Hunting!

Earth Estries Targets Government, Tech for Cyberespionage
https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
