216.73.216.86

Deserialization of VIEWSTATE: how an “unpatched” vulnerability plays into the hands of pro-government groups

· Published 20/05/2024 10:05 · Modified 21/05/2024 08:05

Export JSON

Essential information

Published
20/05/2024 10:05
Modified
21/05/2024 08:05
Tags
2024-05-20 apt asp cybercrime telco viewstate
Related entities
9 observables, 1 intrusion sets (apt), 6 techniques (mitre), 2 others

Description

At the end of 2023, the Solar 4RAYS team was investigating an attack on a Russian telecom company by an Asian advanced persistent threat () group named Obstinate Mogwai (translated as "Stubborn Demon" in English). This group was persistent, repeatedly infiltrating the network until all entry points were secured. They exploited a well-known vulnerability related to untrusted data deserialization in the parameter of the .NET environment, referred to as deserialization.

External references