A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET applications to deploy fileless malware. Dubbed Praying Mantis, or TG1021, the hacker group puts a strong focus on detection evasion by using a volatile and custom malware toolset built specifically for Internet Information Services (IIS) web servers to perform credential harvesting, reconnaissance and lateral movement. The group also exploited a vulnerability in a Checkbox application that allows website owners to implement user surveys.”]