{"id":92,"date":"2022-03-09T23:11:00","date_gmt":"2022-03-09T22:11:00","guid":{"rendered":"http:\/\/linowebserver.org\/?p=92"},"modified":"2022-03-10T22:18:01","modified_gmt":"2022-03-10T21:18:01","slug":"hackers-fork-open-source-reverse-tunneling-tool-for-persistence","status":"publish","type":"post","link":"https:\/\/linowebserver.org\/index.php\/2022\/03\/09\/hackers-fork-open-source-reverse-tunneling-tool-for-persistence\/","title":{"rendered":"Hackers fork open-source reverse tunneling tool for persistence"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.

Although no concrete connection between groups has been uncovered, the operational tactics, targeting scope, and malware customization capabilities signify a potential connection.

As detailed in a report sent to Bleeping Computer by\u00a0Security Joes<\/a>, the threat actors observed in an attack against one of its clients in the gambling\/gaming industry where a mix of custom-made and readily available open-source tools were used.

The most notable cases are a modified version of Ligolo, a reverse tunneling utility that’s freely available for pentesters\u00a0on GitHub<\/a>, and a custom tool to dump credentials from LSASS.<\/p>more<\/a><\/cite><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups. Although no concrete connection between groups has been uncovered, the operational tactics, targeting scope, and malware customization capabilities signify a potential connection. As detailed in a report sent to Bleeping Computer […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,41],"tags":[],"class_list":["post-92","post","type-post","status-publish","format-standard","hentry","category-news","category-ransomware-attack"],"_links":{"self":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/92","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/comments?post=92"}],"version-history":[{"count":1,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/92\/revisions"}],"predecessor-version":[{"id":94,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/92\/revisions\/94"}],"wp:attachment":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/media?parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/categories?post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/tags?post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}