01-28-2021 , 10:24 PM
Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations.
The threat actor likely accessed more than 250 Oracle and Atlassian servers belonging mainly to organizations providing mobile communications and internet-based services.
Also known as Lebanese Cedar, the actor has been active since at least 2012 but fell off the researchers’ radar in 2015. Their operations resurfaced in early 2020 with what security researchers call the BeardStache global campaign, which may have compromised hundreds of companies.
Recon and exploitation
In a report today, cybersecurity company ClearSky says that Lebanese Cedar seems to focus on collecting intelligence and stealing company databases with sensitive information - such as client call records and private data in the case of telecommunications companies.
According to the researchers, the threat actor makes reconnaissance efforts to select their victims and relies on public tools to find them. They use URI brute-force tools (GoBuster and DirBuster) to look for open directories that could allow a web shell injection.
Source
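The reconnaissance step described above (URI brute-forcing with tools such as GoBuster or DirBuster) leaves a recognisable footprint in web server access logs: one client producing many distinct 404 paths in a short window, often with a tool-default User-Agent. The following detector is an added example, not code from the report or the article; the combined-format log lines, IP addresses and the `gobuster/3.1.0` User-Agent string are constructed sample data, and the substring match on tool names is a heuristic assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined log format; field names are this example's own
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
SCANNER_UA = ("gobuster", "dirbuster")  # heuristic: default tool UA fragments

def parse_line(line):
    """Parse one combined-format access log line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], TS_FMT)
    d["status"] = int(d["status"])
    return d

def detect_dir_bruteforce(lines, window_s=60, min_404_paths=5):
    """Return {ip: reason} for clients that look like URI brute-forcers:
    a scanner User-Agent, or >= min_404_paths distinct 404 paths within window_s."""
    events = defaultdict(list)  # ip -> [(timestamp, path)] for 404 responses
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if any(tag in rec["ua"].lower() for tag in SCANNER_UA):
            flagged[rec["ip"]] = f"scanner user-agent: {rec['ua']}"
        if rec["status"] == 404:
            events[rec["ip"]].append((rec["ts"], rec["path"]))
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):  # sliding window over sorted timestamps
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            distinct = {p for _, p in hits[start:end + 1]}
            if len(distinct) >= min_404_paths:
                flagged.setdefault(ip, f"{len(distinct)} distinct 404 paths in {window_s}s")
                break
    return flagged

def make_sample_lines():
    """Constructed sample log lines (not real traffic): one normal client,
    one client walking six non-existent directories, one client with a tool UA."""
    base = '{ip} - - [28/Jan/2021:10:24:{sec:02d} +0000] "GET {path} HTTP/1.1" {st} 196 "-" "{ua}"'
    lines = [base.format(ip="192.0.2.5", sec=0, path="/", st=200, ua="Mozilla/5.0")]
    for i, p in enumerate(["/admin/", "/backup/", "/old/", "/test/", "/uploads/", "/.git/"]):
        lines.append(base.format(ip="203.0.113.10", sec=i + 1, path=p, st=404, ua="Mozilla/5.0"))
    lines.append(base.format(ip="198.51.100.7", sec=30, path="/console/", st=404, ua="gobuster/3.1.0"))
    return lines

SAMPLE_LOG = make_sample_lines()

if __name__ == "__main__":
    for ip, why in detect_dir_bruteforce(SAMPLE_LOG).items():
        print(ip, "->", why)
```

Thresholds are deliberately low for the sample; on a production site tune `window_s` and `min_404_paths` against the normal 404 rate, and treat a hit as a trigger to review that client's requests for subsequent uploads or web shell access.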