Blog | G5 Cyber Security

Attackers Now Using Honeypots to Trap Researchers

A group of researchers at The Last Line of Defense gained access to a remote server used to help control the EFTPS malware. The attack crew apparently anticipated this and set up a phony login interface, complete with a weak username and password and a simple SQL-injection vulnerability. The console is clearly meant to attract researchers, and perhaps other attackers, to poke around, allowing the crew behind the malware to observe their movements and methods. The admin console also has a feature that allows remote users to upload new bots, a tactic evidently designed to entice other attackers to try to compromise the server.

Source: https://threatpost.com/attackers-now-using-honeypots-trap-researchers-110410/74639/
