“Lebanese Cedar” APT Espionage Campaign
released on 2021-01-28 @ 05:34:11 PM
Lebanese Cedar is an APT group that has been operating for almost a decade, attacking companies and organizations around the world. The group's main attack vector is intrusion into Oracle and Atlassian web servers. We assess that the intrusion into these systems was carried out by exploiting known vulnerabilities in unpatched systems and by detecting loopholes using open-source hacking tools. In early 2020, suspicious network activities and hacking tools were found in a range of companies. Comprehensive forensic research of the infected systems revealed a strong connection to Lebanese Cedar, and a new version of the "Explosive" V4 RAT (Remote Access Tool) or "Caterpillar" V2 WebShell was found within the victims' networks.