The targeted victims are companies in many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Valuable information was stolen over periods of months and years, ClearSky researchers wrote in a blog post.
The security firm, which first detected suspicious activity in early 2020, said the attack was based on a modified JSP file browser with a unique string that the adversary used to deploy the “Explosive” V4 Remote Access Tool (RAT) or the “Caterpillar” V2 WebShell in the victims’ networks. The file was installed in vulnerable Atlassian Jira and Oracle 10g servers. Lebanese Cedar exploited publicly known 1-day vulnerabilities such as CVE-2012-3152 to install the JSP in vulnerable servers.