A highly advanced adversary dubbed Hurricane Panda is targeting major infrastructure companies with a zero-day exploit—and it has been since last spring. The timestamp of the attack suggests that the vulnerability has been actively exploited in the wild for at least five months.
CrowdStrike first detected suspicious activity on a 64-bit Windows Server 2008 R2 machine that was attributed to a compromise by the group. It uncovered that the attacks begin with compromising web servers and deploying Chopper webshells, and then escalating privileges using the newly discovered Local Privilege Escalation tool, which exploits a previously unknown vulnerability.Read more
110 Reykjavik, Iceland