Intel Name: Unmasking the new persistent attacks on Japan
Date of Scan: March 11, 2025
Impact: Medium
Summary: “Unmasking the new persistent attacks on Japan” reveals an ongoing cyber campaign targeting Japanese organizations across various business verticals, including technology, telecommunications, entertainment, education, and e-commerce. The findings are based on our analysis of command and control (C2) server artefacts. The attackers exploited the CVE-2024-4577 vulnerability in PHP to gain initial access and used Cobalt Strike plugins for post-exploitation. They deployed adversarial tools via Alibaba Cloud containers, aiming to steal credentials, establish persistence, and escalate privileges, which signals potential future attacks.