A new kind of malware is on the prowl and is reportedly targeting Microsoft Web Servers. According to a security report released by Cybersecurity firm Sygnia a hacking group/individual named ‘Praying Mantis’ or ‘TG1021’ is behind the spread of the malware campaign that is seen exploiting Windows Internet Information Services (IIS) servers that work on Microsoft. NET Platform on the Windows Operating Systems.
Israel-based company Sygnia is urging Windows IIS server users to go for the patch of .NET deserialization vulnerabilities and keep a tab on any suspicious activity on their web servers.
As the cyber criminals are seen launching advanced memory resident attacks, Sygnia researchers suspect the involvement of a state sponsored intelligence behind the incident.
Australian Cyber Security Centre was the first to discover the attack in June 2020 and tagged is as a “Copy Paste compromise” strategy used by a hacking group from Asia.
So far, Praying Mantis has targeted companies operating only in West and that too those belonging to production and manufacturing stream.
Microsoft seems to have become a soft target for cyber criminals from the past few months. For instance, the March 2021 attack that involved Chinese hackers taking down Microsoft Exchange Server through various vulnerabilities. Their aim was to steal classical info stored in emails and reportedly accessed info from at least 30k organizations across North America.
Last year, the Russia sponsored cyber attack on SolarWinds software led to the exploit of Microsoft’s various service platforms in numerous ways.