Attackers Exploit WDigest Vulnerability to Harvest Plaintext Credentials
ID: 8ba93fde-2f7e-59db-99f1-c393fa81f527
STIX ID: report--8ba93fde-2f7e-59db-99f1-c393fa81f527
Feed Name: ThreatCluster
A multi-stage intrusion targeted IIS servers by exploiting Adobe ColdFusion vulnerabilities (CVE-2023-26360, CVE-2023-29298, CVE-2023-29300) to deploy a steganographic webshell, run a defense-impairment script that disabled logging and security services, and harvest plaintext credentials using Mimikatz; attackers altered Microsoft Defender settings and conducted data exfiltration, returning to compromised servers after initial remediation, highlighting risks from unpatched systems and insufficient logging.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
