Web Shells Lead to ZeroLogon and Application Impersonation Attacks
Released on 2021-09-15 at 11:26:23 AM
FortiGuard Labs recently discovered an unidentified threat actor leveraging ProxyShell exploits using techniques that have yet to be reported. Multiple instances of FortiEDR had detected malicious DLLs in memory, and FortiGuard Labs uncovered these new techniques while consulting with one of the organizations that had been compromised by ProxyShell. Through active threat hunting, the researchers were then able to determine that other organizations had also been compromised.