Attackers obtain remote code execution through abuse of SQL-server environments (exploitation, SQL injection, or credential compromise) and attempt to install web shells. When detection (e.g., endpoint AV) blocks the web-shell stage they escalate to a multi-stage DLL loader ch...

Attackers obtain remote code execution through abuse of SQL-server environments (exploitation, SQL injection, or credential compromise) and attempt to install web shells. When detection (e.g., endpoint AV) blocks the web-shell stage they escalate to a multi-stage DLL loader ch...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/passiveneuron-campaign-espionage-campaign-targeting-windows-server-environments