APT35 Automates Initial Access Using ProxyShell
released on 2022-03-21 @ 11:22:17 AM
Security researchers observed the initial exploitation of ProxyShell vulnerabilities followed by some further post-exploitation activity, which included web shells, credential dumping, and specialized payloads. Researchers assess that this activity was related to APT35 due to the TTP’s mirroring previously reported activity that was attributed to the group.