Tag: web servers

4 Attack Reports | 0 Vulnerabilities

Attack reports

Statistics Report on Malware Targeting Windows Web Servers in Q2 2025

AhnLab Security Intelligence Center analyzed attacks on Windows web servers during Q2 2025 using their Smart Defense infrastructure. The study focused on poorly managed servers, categorizing attack types and malware strains. It revealed that multiple threat actors often target vulnerable servers si…
windows
remote code execution
iis
web servers
vulnerabilities
web shells
apache tomcat
2025-08-08
wograt
Published: August 8, 2025
Downloadable IOCs: 4

Analysis of Lazarus Group's Attack Targeting Windows Web Servers

The Lazarus group has been targeting Windows web servers, particularly in South Korea, installing webshells and C2 scripts to use compromised servers as proxies. The attacks involve multiple stages, including the use of LazarLoader malware and privilege escalation tools. The C2 scripts act as proxi…
windows
privilege escalation
webshell
iis
uac bypass
web servers
2025-03-11
c2 proxy
lazarloader
Published: March 11, 2025
Downloadable IOCs: 0

Code injection attacks using publicly disclosed ASP.NET machine keys

An unattributed threat actor has been observed exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks, delivering the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been identified as potentially vulnerable to this attack method…
viewstate
godzilla
post-exploitation
iis
web servers
code injection
2025-02-06
asp.net
machine keys
Published: February 6, 2025
Downloadable IOCs: 0

Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its attack surface from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing remote code executio…
iot
botnet
credential theft
CVE-2024-4577
vulnerability exploitation
CVE-2018-10562
CVE-2018-10561
androxgh0st
remote code execution
routers
CVE-2022-1040
mozi
CVE-2022-21587
CVE-2024-36401
CVE-2021-41277
CVE-2023-1389
CVE-2021-26086
CVE-2014-2120
2024-11-12
web servers
persistent access
Published: November 12, 2024
Linked vulnerabilities : CVE-2024-4577 (CVSS 9.8), CVE-2021-41773, CVE-2018-15133, CVE-2017-9841, CVE-2022-1040, CVE-2021-41277, CVE-2018-10562, CVE-2014-2120, CVE-2021-26086, CVE-2024-36401, CVE-2022-21587, CVE-2018-10561, CVE-2023-1389
Downloadable IOCs: 10
Click here to see more Attack Reports