Hezbollah-Linked Hackers Launch Global Cyber-Espionage Campaigns

Hezbollah-affiliated hacker group Volatile Cedar has reportedly breached more than 250 Oracle and Atlassian servers belonging to telecommunication firms worldwide.

Israeli cyber-security firm ClearSky said that the attacks occurred in early 2020 and affected systems in the US, the UK, Israel, Egypt, Saudi Arabia, Lebanon, Jordan, the Palestinian Authority, and the UAE.

“It seems that the attacks aimed to gather intelligence and steal the company’s databases, containing sensitive data,” said ClearSky. 

ClearSky said the attacks were similar to the 2015 and 2020 variants of the Explosive RAT that exploited unpatched Oracle and Atlassian web servers.

Volatile Cedar reportedly used open-source hacking tools to scan the internet for Atlassian and Oracle servers left unpatched against CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152, before utilizing a Caterpillar web shell and a JSP file browser to deploy the RAT.

“The web shell is used to carry out various espionage operations over the attacked web server, including potential asset location for further attacks, file installation server configuration, and more,” explained ClearSky.

In 2015, Volatile Cedar was targeting defense contractor firms, telecommunications and media companies, and educational institutions in about 10 countries.


© Fourth Estate® — All Rights Reserved.