Unmanaged IBM AIX server enabled Chinese compromise of US aerospace firm

25 September 2024

Attackers’ infiltration of the IBM AIX server incompatible with the firm’s current security tools in March facilitated malicious activity for the next four months, including AxisInvoker web shell injection for remote box control, Kerberos data harvesting, and SSH key uploads, as well as network configuration data exfiltration, according to a report from Binary Defense. More web shells and Cobalt Strike have also been distributed by the Chinese hackers, who then targeted the aerospace engineering firm’s Microsoft Windows environment with NTLM relay attacks before being eventually blocked by Binary Defense’s threat detection tools, said the report.

Source: SC Magazine

Date:

25 September 2024

Categorie(s):

NEWS

Tag(s):

AIX, Chinese, IBM, IT, News

Despite massive security spending, 44% of CISOs fail to detect breaches18 October 2024
Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began18 October 2024
What to do if your iPhone or Android smartphone gets stolen?18 October 2024
Cybercrime’s constant rise is becoming everyone’s problem18 October 2024
New infosec products of the week: October 18, 202418 October 2024