Microsoft Web Servers Targeted By Hacker ‘Praying Mantis’: Cybersecurity Firm
Cybersecurity firm Sygnia said that the threat actor’s campaign focused on Windows IIS servers, and has involved a ‘custom malware framework tailor-made for IIS servers.’ By Wade Tyler Millward August 02, 2021, 05:42 PM EDT
A new threat actor is targeting Microsoft Windows web servers, suggesting that users should patch .NET deserialization vulnerabilities and look for suspicious activity on web-facing Microsoft Internet Information Services servers, according to cybersecurity technology and services provider Sygnia.
Tel Aviv-based Sygnia recently issued a report stating that researchers found “an advanced memory-resident attack commonly associated with nation-state actors.”
A new threat actor is targeting Microsoft Windows web servers, suggesting that users should patch .NET deserialisation vulnerabilities and look for suspicious activity on web-facing Microsoft Internet Information Services servers, according to cybersecurity technology and services provider Sygnia.
Tel Aviv-based Sygnia recently issued a report stating that researchers found “an advanced memory-resident attack commonly associated with nation-state actors.”
The hacker, which Sygnia is calling “Praying Mantis” or “TG1021,” uses “a variety of deserialisation exploits targeting Windows IIS servers and vulnerabilities targeting web applications” and “a completely volatile and custom malware framework tailor-made for IIS servers.”
IIS (Internet Information Services) is a web server on the Microsoft .NET platform on the Windows operating system.