Praying Mantis Targets Microsoft webservers
The team at Sygnia, a cyber technology and services company, has identified a campaign known as Praying Mantis or TG1021. It has targeted major U.S. organizations, compromising their networks by exploiting the internet-facing Windows IIS servers.
The researchers found memory-resident attacks commonly associated with nation-state actors. They suggest patching .NET deserialization vulnerabilities and looking for any suspicious activities on web-facing servers. This will prevent the attackers from manipulating serialized objects, restricting the transfer of harmful data into the application code.
According to Sygnia, the observation in this regard is that Praying Mantis is smart in terms of familiarity with Windows IIS Software. It utilized a customized malware framework and is capable of intercepting and handling HTTP requests made to the servers running older versions of ASP.NET apps. The threat actor performed the desired tasks through efficient strategies and a backdoor along with post-exploitation modules for discovering information, getting access to user credentials, and moving deeper into the network.
Sygnia further points out that Praying Mantis’ techniques are similar to Copy-Paste Compromises, detected in June 2020 by the Australian Cyber Security Centre. The attacker targeted both public and private sector organizations in Australia.
The cybersecurity specialists believe that the hacker group of Praying Mantis is linked to some state-sponsored entity, as evident from their tactics. The victims included high-profile U.S. entities.
This year Microsoft has been in the limelight for a lot of attacks. They have experienced attacks by the Chinese, who stole emails from organizations across the United States. Then there was the use of Synnex to gain access to customer applications within the Microsoft cloud environment. Furthermore, there was the SolarWinds attack affecting many companies and organizations.
In light of these, Microsoft is experiencing an increase in demand in its cybersecurity practices and is therefore paying huge emphasis to maintain its momentum in this vital area.
