Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Attackers Exploit Flaw to Target Japan

March 7, 2025
Reading Time: 2 mins read
in Alerts
AI Tools Fuel Nonconsensual Porn Creation

A malicious campaign has been targeting organizations in Japan since January 2025, attributed to an unknown threat group. The attackers exploited the CVE-2024-4577 vulnerability, a remote code execution flaw in PHP-CGI on Windows systems. This flaw allowed the threat actors to gain initial access to victim machines, enabling the execution of PowerShell scripts. The attackers used the publicly available Cobalt Strike kit, specifically the “TaoWu” plugin, for post-exploitation activities to maintain control.

Once the attackers gained access, they deployed reverse HTTP shellcode payloads using PowerShell scripts to provide persistent remote access. They conducted reconnaissance, privilege escalation, and lateral movement using tools like JuicyPotato, RottenPotato, and SweetPotato. These tools allowed them to escalate privileges and explore the network for additional targets. Persistence was further ensured through custom services, Windows Registry modifications, and scheduled tasks. This ensured the attackers remained undetected in the compromised environment.

In addition to lateral movement and privilege escalation, the attackers removed traces of their actions by erasing event logs from the victim’s machine.

They used wevtutil commands to clear the security, system, and application logs, maintaining stealth. Following this, the attackers executed Mimikatz commands to dump passwords and NTLM hashes from the compromised system’s memory. The stolen credentials were then exfiltrated to the attackers, providing them with valuable access to the victim’s resources and network.

Further analysis of the Cobalt Strike command-and-control servers revealed that directories containing the full suite of adversarial tools were publicly accessible.

These tools, hosted on Alibaba cloud servers, included BeEF, Viper C2, and Blue-Lotus, which enabled the attackers to execute commands, perform cross-site scripting (XSS) attacks, and steal browser cookies. The discovery of these tools suggests that the attackers’ motives extend beyond credential harvesting, with the possibility of more extensive attacks in the future. The attackers have gained significant access to various adversarial frameworks, increasing the likelihood of future exploitation.

Reference:
  • Malicious Campaign Targets Japanese Organizations with Cobalt Strike Exploits
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMarch 2025
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial