Jason Killam
@suspiciouslink.bsky.social
Detection Engineer @ Red Canary
https://github.com/killamjr
Reposted by Jason Killam
2024-12-13 (Friday): www.anceltech[.]com compromised with #SmartApeSG leading to #NetSupport #RAT 2 injected scripts. jitcom[.]info and best-net[.]biz.

Pivoting on best-net[.]biz in URLscan shows signs of six other compromised sites: urlscan.io/search/#best...

#NetSupportRAT
December 13, 2024 at 6:56 PM
Reposted by Jason Killam
There's currently what looks to be a credential stuffing attack ongoing against Fortinet SSLVPN devices. Seeing a lot of failed login attempts on port 10443. It's unclear where the credentials came from, but they're not in any public database from what I can see.
November 12, 2024 at 11:55 PM