Microsoft issued a warning about a new threat group called GALLIUM that attacks telecommunication providers by exploiting vulnerabilities in internet-facing WildFly/JBoss services. Initially, the threat actors use publicly available exploits against internet-facing services to gain persistence in the target network; they then use common tools and techniques to steal network credentials and move deeper into the network.

GALLIUM activity was observed between 2018 and mid-2019. The group's activity is still being observed in the wild, but activity levels have dropped compared to the previous attacks.

The GALLIUM group is widely known for using publicly available tools and malware with small modifications to attack its targets, and it does not attempt to obfuscate its malware or tools.

Tools and Malware used by GALLIUM

Microsoft observed that the following tools and malware are mainly used by the GALLIUM threat group.

Tool Purpose HTRA...