Discovered by Check Point Research (CPR) and Sygnia’s Incident Response Team, the campaign peaked in mid-2023 and has reportedly flown under the radar for at least a year. Writing in an advisory published earlier today, the CPR team said Scarred Manticore has a history of targeting high-value organizations, using various Internet Information Services (IIS)-based backdoors to infiltrate Windows servers.

Source: Infosecurity