Shining a Light in the Dark – How Binary Defense…
ID: 9c180518-b0f8-5ebd-a350-8235e3b75f26
STIX ID: report--9c180518-b0f8-5ebd-a350-8235e3b75f26
Feed Name: Binary Defense Blog
Binary Defense and TrustedSec describe an August 2024 intrusion in which a China-nexus threat actor compromised three publicly accessible AIX servers using default Apache AXIS admin credentials, uploaded an AxisInvoker web shell, and staged an FRP reverse proxy and SSH keys for persistence. From that foothold the actor conducted Active Directory reconnaissance and NTLM relay and attempted to dump LSASS on a Windows host; detection in the managed Windows environment prevented full credential exfiltration. The report catalogs IOCs and TTPs, highlights shadow IT and unmanaged legacy systems as attack vectors, and recommends comprehensive asset visibility and managed detection and response.
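Two of the persistence artifacts named above (added SSH keys and an FRP reverse proxy) are cheap to hunt for on the unmanaged Unix side even without an agent. The script below is an added example written for this page, not code or IOCs from the Binary Defense/TrustedSec report: it audits an authorized_keys file against an allowlist of SHA256 fingerprints (the same format `ssh-keygen -lf` prints) and flags process-listing lines that look like an frpc/frps binary or config. The key material, file contents, ps layout (`PID USER COMMAND`) and process names are all constructed sample data and assumptions, not observed indicators.

```python
import base64
import hashlib
import re

KEY_TYPES = (
    "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
)


def _ssh_string(b: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 big-endian length + data)."""
    return len(b).to_bytes(4, "big") + b


def make_ed25519_key_line(seed_byte: int, comment: str, options: str = "") -> str:
    """Build a syntactically valid ed25519 authorized_keys line from a dummy
    32-byte public key. Constructed sample data only, not a real key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([seed_byte]) * 32)
    line = f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"
    return f"{options} {line}" if options else line


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint of a base64 key blob, formatted like ssh-keygen -lf."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str):
    """Yield (line_no, key_type, fingerprint, comment) per key line, skipping
    blanks and comments and tolerating a leading options field (from=, command=)."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            yield (n, "unparsable", None, line)  # still worth a human look
            continue
        comment = " ".join(fields[idx + 2:])
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # binascii.Error: malformed base64 blob
            yield (n, fields[idx], None, comment)
            continue
        yield (n, fields[idx], fp, comment)


def audit_authorized_keys(text: str, approved_fingerprints: set):
    """Return every key entry whose fingerprint is not in the approved baseline."""
    return [e for e in parse_authorized_keys(text) if e[2] not in approved_fingerprints]


# Binary named frpc/frps, or a frp*.ini/.toml/.yaml/.json config argument.
FRP_PATTERN = re.compile(r"(?:^|[\s/])frp[cs](?:\s|$)|frp[cs]?\.(?:ini|toml|ya?ml|json)\b")


def find_frp_processes(ps_lines):
    """Flag ps lines whose command looks like an FRP client/server.
    Assumes a 'PID USER COMMAND' column layout (e.g. ps -eo pid,user,args)."""
    hits = []
    for line in ps_lines:
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        if FRP_PATTERN.search(fields[2]):
            hits.append((fields[0], fields[2]))
    return hits


# ---- constructed sample input (not real IOCs) ----
APPROVED_KEY = make_ed25519_key_line(0x01, "ops-backup@jump01")
ROGUE_KEY = make_ed25519_key_line(0x7F, "root@localhost", options='from="10.0.0.5"')
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# managed by config management",
    APPROVED_KEY,
    "",
    ROGUE_KEY,
])
APPROVED_FINGERPRINTS = {fingerprint(APPROVED_KEY.split()[1])}

SAMPLE_PS = [
    "  PID USER     COMMAND",
    " 1234 root     /usr/sbin/sshd",
    " 2201 apache   /usr/java/bin/java -jar /opt/axis/axis.jar",
    " 4410 root     /tmp/.X11-unix/frpc -c /tmp/.X11-unix/frpc.ini",
    " 4511 root     /usr/bin/frpcache --warm",
]

if __name__ == "__main__":
    for line_no, ktype, fp, comment in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, APPROVED_FINGERPRINTS):
        print(f"unapproved key line {line_no}: {ktype} {fp} {comment}")
    for pid, cmd in find_frp_processes(SAMPLE_PS):
        print(f"possible FRP process pid={pid}: {cmd}")
```

The baseline of approved fingerprints is the part that needs real effort: it has to come from configuration management or a signed inventory, not from the host itself, or a key the attacker added before the first run becomes "approved". The FRP regex is a starting heuristic; a renamed binary defeats it, so pair it with a check for outbound connections from unexpected processes.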
