Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
released on 2022-06-06 @ 10:15:59 AM
In this multi-day intrusion, we observed a threat actor gain initial access to an organization by exploiting a vulnerability in ManageEngine SupportCenter Plus. The threat actor discovered files on the server and dumped credentials using a web shell, moved laterally to key servers using Plink and RDP, and exfiltrated sensitive information using the web shell and RDP.