The China-linked cyber espionage group tracked asAPT41has been attributed to a new campaign targeting government IT services in the African region.
"The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Denis Kulik and Daniil Pogorelovsaid. "One of the C2s [command-and-control servers] was a captive SharePoint server within the victim's infrastructure."
APT41 is the monikerassignedto a prolific Chinese natio...
SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers
SentinelOne
6 hours ago
SentinelOne shares distinct attack clusters and a detailed timeline of events on an active exploit of the ToolShell 0-day in MS SharePoint....
