Israeli cybersecurity firm Sygnia is tracking the advanced, stealthy adversary under the moniker “Praying Mantis” or “TG1021”. TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine’s memory and leaves little-to-no trace on infected targets. The threat actor also uses an additional stealthy backdoor and several post-exploitation modules to perform network reconnaissance, elevate privileges, and move laterally.
Source: https://thehackernews.com/2021/08/new-apt-hacking-group-targets-microsoft.html

