XiebroC2 Identified in MS-SQL Server Attack Cases
Oct. 1, 2025, 9:15 a.m.
Description
A recent attack on a poorly managed MS-SQL server involved XiebroC2, an open-source C2 framework with capabilities similar to Cobalt Strike's. The attackers gained access through weak credentials, installed JuicyPotato for privilege escalation, and then deployed XiebroC2 via PowerShell. XiebroC2 supports remote control, information collection, and defense evasion across multiple platforms. The malware collects system information and connects to a C&C server to receive commands for execution. To protect against such attacks, administrators are advised to use complex passwords and change them regularly, keep security software up to date, and use firewalls to restrict external access to publicly exposed database servers.
Date
- Created: Oct. 1, 2025, 7:36 a.m.
- Published: Oct. 1, 2025, 7:36 a.m.
- Modified: Oct. 1, 2025, 9:15 a.m.
Indicators
- 9351b5edec8401e5a0daf036a9e9b75954b4aeb4ffdf8dc30d9dedfa36fff004
- 0212bde3715a349a6b684dd54548638b5899be8d62a1e25559937e494e3cce54
- 183.196.14.213