According to a report from Binary Defense, attackers compromised an IBM AIX server in March that was not supported by the aerospace engineering firm’s existing security tools, and that foothold went undetected for the next four months. During that time they injected the AxisInvoker web shell for remote control of the box, harvested Kerberos data, uploaded SSH keys, and exfiltrated network configuration data. The Chinese hackers also deployed additional web shells and Cobalt Strike, then pivoted to the firm’s Microsoft Windows environment with NTLM relay attacks before Binary Defense’s threat detection tools eventually blocked them, the report said.
Source: SC Magazine