Microsoft says this group of attackers is a branch of the Iran-backed "Phosphorus" group (also known as Charming Kitten and APT35), known for targeting high-profile victims linked to governments, NGOs and advocacy organizations around the world.

The DEV-0270 cluster is being operated by a well-known Iranian company under two aliases: Secnerd (secnerdir) and Lifeweb (lifewebit). According to investigations, these organizations are also linked to Najee Technology Hooshmand (ناجی تکنولوژی هوشمند), located in Karaj, Iran.

The group is often opportunistic in its targeting: they scan the Internet to find servers and devices, making organizations with vulnerable and detectable servers and devices susceptible to these attacks.

For domain controller discovery, attackers make use of the following PowerShell and WMI commands:

```
"powershell.exe" /c Get-WMIObject Win32_NTDomain | findstr DomainController
```
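A detection sketch for the domain controller discovery command quoted above, written for this page as an added example and not taken from Microsoft's report. It goes beyond the single quoted command by also matching the `gwmi`, `Get-CimInstance`/`gcim` and `wmic ntdomain` forms of the same WMI query; the event field names (`host`, `user`, `cmdline`) and all sample events are constructed assumptions.

```python
import re

# Characters that quoting, cmd.exe (^) and PowerShell (`) allow inside a token
# without changing what is executed; stripped before matching.
_NOISE = re.compile(r'[\^`"\']')
# Command-line tools that can query a WMI class.
_WMI_TOOL = re.compile(r'\b(get-wmiobject|gwmi|get-ciminstance|gcim|wmic)\b')
# The class from the page, plus the bare "ntdomain" alias that wmic accepts.
_NTDOMAIN = re.compile(r'\b(win32_)?ntdomain\b')


def normalize(cmdline):
    """Lower-case, drop quote/escape characters, collapse whitespace."""
    return re.sub(r'\s+', ' ', _NOISE.sub('', cmdline.lower())).strip()


def classify(cmdline):
    """Return 'high', 'medium' or None for one process command line."""
    c = normalize(cmdline)
    if not (_WMI_TOOL.search(c) and _NTDOMAIN.search(c)):
        return None
    # Filtering the result for DomainController* properties is the exact
    # behaviour quoted on the page; a bare class query is weaker evidence.
    return 'high' if 'domaincontroller' in c else 'medium'


def scan(events):
    """events: dicts with 'host', 'user', 'cmdline' (assumed field names),
    e.g. exported from process-creation logging."""
    hits = []
    for ev in events:
        severity = classify(ev.get('cmdline', ''))
        if severity:
            hits.append((severity, ev['host'], ev['user'], ev['cmdline']))
    return hits


# Constructed sample events; hosts and users are placeholders.
SAMPLE_EVENTS = [
    {'host': 'WEB01', 'user': 'svc_iis', 'cmdline':
     r'"powershell.exe" /c Get-WMIObject Win32_NTDomain | findstr DomainController'},
    {'host': 'WEB01', 'user': 'svc_iis', 'cmdline':
     r'cmd /c p^owershell g^wmi win32_ntdomain ^| findstr /i domaincontroller'},
    {'host': 'HR-PC7', 'user': 'alice', 'cmdline':
     r'powershell -c "gwmi Win32_NTDomain"'},
    {'host': 'HR-PC7', 'user': 'alice', 'cmdline':
     r'powershell.exe Get-WmiObject Win32_OperatingSystem'},
    {'host': 'OPS02', 'user': 'bob', 'cmdline':
     r'findstr DomainController C:\logs\notes.txt'},
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_EVENTS):
        print(*hit, sep=' | ')
```

Administrators and inventory tools run the same WMI query, so a hit is worth weighing against the parent process and the account that issued it.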