Microsoft has disclosed a sweeping cyber threat posed by a sophisticated Chinese botnet, Quad7, which targets organizations worldwide through advanced password spray attacks. Operated by a group identified as Storm-0940, this campaign primarily targets high-value entities, including think tanks, government organizations, NGOs, law firms, and the defense industry, with espionage as its primary objective.
Microsoft researchers report that Storm-0940 employs stolen credentials to establish persistent access, facilitating deeper intrusions and more extensive cyber espionage. The botnet’s initial actions include harvesting credentials and deploying remote access trojans (RATs) and proxies to maintain long-term access, enhancing the group’s ability to conduct disruptive attacks.
The infiltration tactics of Quad7 stand out for their precision and stealth. According to Microsoft, Storm-0940 relies on a separate covert network, CovertNetwork-1658, to submit a limited number of sign-in attempts across multiple accounts within targeted organizations.
In most cases — around 80 percent — CovertNetwork-1658 limits attempts to just one per account per day, minimizing the likelihood of detection. Once a password is successfully guessed, Storm-0940 quickly moves to compromise the system further, sometimes completi
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
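The one-attempt-per-account-per-day pattern described above stays under any per-account lockout counter, so detection has to aggregate across accounts. The following is an added example, not code from Microsoft or the original article; the event records, thresholds and function names are constructed assumptions for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed failed sign-in records: (day, account, source_ip)."""
    events = []
    # Low-and-slow spray: 40 accounts, one failure each, spread over 30 IPs.
    for i in range(40):
        events.append(("2024-01-01", f"user{i:02d}@example.org",
                       f"198.51.100.{i % 30 + 1}"))
    # Ordinary noise: one user mistyping a password five times from one IP.
    events += [("2024-01-01", "alice@example.org", "203.0.113.7")] * 5
    events += [("2024-01-02", "bob@example.org", "203.0.113.9")] * 2
    return events

def per_account_lockouts(events, threshold=10):
    """Classic control: flag an account after `threshold` failures in a day."""
    counts = defaultdict(int)
    for day, account, _ip in events:
        counts[(day, account)] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def low_and_slow_days(events, min_accounts=20, min_single_ratio=0.8, min_ips=10):
    """Flag days where many accounts each failed exactly once from many IPs.

    Thresholds are illustrative assumptions; tune them to tenant size.
    """
    per_day = defaultdict(lambda: defaultdict(list))
    for day, account, ip in events:
        per_day[day][account].append(ip)
    findings = []
    for day, accounts in sorted(per_day.items()):
        single = {a: ips[0] for a, ips in accounts.items() if len(ips) == 1}
        ratio = len(single) / len(accounts)
        source_ips = len(set(single.values()))
        if (len(single) >= min_accounts and ratio >= min_single_ratio
                and source_ips >= min_ips):
            findings.append({"day": day, "accounts": len(single),
                             "source_ips": source_ips, "single_ratio": round(ratio, 2)})
    return findings

if __name__ == "__main__":
    events = sample_events()
    print("per-account lockouts:", per_account_lockouts(events))
    for finding in low_and_slow_days(events):
        print("possible low-and-slow spray:", finding)
```

On the constructed data the per-account counter reports nothing, while the cross-account view flags the first day.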
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents