Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware

A threat actor exploited an unpatched Confluence server using CVE-2023-22527, gaining initial access. They used Metasploit for command and control, then installed AnyDesk for persistent remote access. The attacker performed extensive network discovery, attempted privilege escalation using various techniques, and harvested credentials with tools like Mimikatz. They moved laterally using compromised domain admin credentials, accessing multiple systems via RDP and WMI. The intrusion culminated in the deployment of ELPACO-team ransomware, a Mimic variant, on key servers approximately 62 hours after initial access. While ransomware was deployed and some logs deleted, no significant data exfiltration was observed.

Pulse ID: 682aeeb0cc1b99346ea53ce7
Pulse Link: https://otx.alienvault.com/pulse/682aeeb0cc1b99346ea53ce7
Pulse Author: AlienVault
Created: 2025-05-19 08:41:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #Confluence #CyberSecurity #InfoSec #Mimic #OTX #OpenThreatExchange #RAT #RDP #RansomWare #bot #AlienVault

@nsysteme @expertenkommision_cyberunfall @gborn Okay, #RustDesk muss ich mir mal ansehen...

https://rustdesk.com/de/

Sieht jedenfalls nach nem #AnyDesk-Ersatz aus und damit auch granularer mit Rechte-Managment & Co.

Saw #Anydesk #Flatpak has been updated to version 7, from 6.4. Straight away looked up its changelog hoping to see the word, #Wayland, but not a single mention to be seen >:D

🔗 https://anydesk.com/en/changelog/linux

Remote-Software: AnyDesk 9.5.2 für Windows behebt zahlreiche Fehler https://www.computerbase.de/news/apps/remote-software-anydesk-9-5-2-fuer-windows-behebt-zahlreiche-fehler.92550/ #anydesk #remotesoftware

RustDesk is an open-source, full-featured remote control software designed for self-hosting and security, offering a user-friendly alternative to commercial remote desktop solutions like TeamViewer or AnyDesk. It allows users to access and control other computers remotely, even behind firewalls or NATs, without needing additional tools like VPNs or port forwarding.

https://rustdesk.com/

#Rust #rustdesk #TeamViewer #AnyDesk #VPN

AnyDesk’s new license model means existing customers must switch when their current plan ends-costs now depend on simultaneous connections, not users. Many may pay more for less, so review your needs and options before renewal! #RemoteAccess #AnyDesk

https://pupuweb.com/is-anydesks-new-license-model-a-costly-change-for-existing-customers/

Navigating Through The Fog

An open directory linked to a Fog ransomware affiliate was discovered, containing tools for reconnaissance, exploitation, lateral movement, and persistence. Initial access was gained through compromised SonicWall VPN credentials, while other tools facilitated credential theft and exploitation of Active Directory vulnerabilities. Persistence was maintained via AnyDesk, automated by a PowerShell script. Sliver C2 executables were used for command-and-control operations. The victims spanned multiple industries across Europe, North America, and South America, highlighting the affiliate's broad targeting scope. The toolkit included SonicWall Scanner, DonPAPI, Certipy, Zer0dump, and Pachine/noPac for various attack stages.

Pulse ID: 680f0738479d23f04a10d198
Pulse Link: https://otx.alienvault.com/pulse/680f0738479d23f04a10d198
Pulse Author: AlienVault
Created: 2025-04-28 04:42:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #CyberSecurity #Europe #InfoSec #NorthAmerica #OTX #OpenThreatExchange #PowerShell #RAT #RansomWare #Sliver #SouthAmerica #VPN #bot #AlienVault

New #dfirreport available on their Website

https://thedfirreport.com/2025/04/28/navigating-through-the-fog/

#threatintel #anydesk #lolrmm #certipy #Zerologon #sonicwall #blueteam #defense #sliverC2 #cybersecurity #itsec

einmal Danke an die Entwickler*innen von #AnyDesk

wieder einmal beim PC bedienen helfen können, ohne vor Ort sein zu müssen.

@jerry Given you're an infosec specialist & i'm not, i fear my reply will be far too low-tech & off-topic for your intentions in this poll. So, fwiw...

• #AnyDesk & #RustDesk have worked well for me for years when i connect my #ArchLinux #KDE #Wayland pc to my dad's win10 pc to do remote support
• AD & RD also work well connecting my Arch pc to my other Linux pc's IF i run their penguins in Xorg... but are incompatible with Wayland remote targets [this is now a major problem for me]
• #TeamViewer does support Wayland Hosts & Remotes, but i HATE using it & wish i could purge it!
• I would love to use #FOSS options like #Remmina, or #Krfb + #KRDC, but am too stupid to understand how to tell them the applicable network addresses, so i've never managed to get them working

Kinda sad how this #Ad is actually #PSA and should be unsarcastically followed.

https://www.youtube.com/watch?v=6MUrF_G7KlM

#RoboDogs #Cyberfacism #Facism #SlaughterBots #PoliceState #Robots #RobotDogs #SlaughterBot #Robot #Safety #SelfDefense #SERE #Training #Safety #Hoog #Advertising #AnyDesk #RemoteWork #RemoteDesktop #Apocalypse #Sarcasm #Ads

@andrewwet no es #FOSS pero una alternativa gratuita es #AnyDesk

Remote-Software: AnyDesk für diverse Systeme in neuer Version erschienen https://www.computerbase.de/news/apps/remote-software-anydesk-fuer-diverse-systeme-in-neuer-version-erschienen.92052/ #anydesk

👆 see above for full poster

Branch🧵 4/

#StandWithUkraine

Closer view of #GradeF / #DiggingInList companies…

#AntaSports
#AntalInternational, a/k/a #Antal
#AnyDeskSoftware, a/k/a #AnyDesk
#AristonGroup, a/k/a #Ariston, #ARIS
#AuchanRetail, a/k/a #Auchan

#YaleCeliList, #YaleSOM: https://som.yale.edu/story/2022/over-1000-companies-have-curtailed-operations-russia-some-remain

#Russia is #BrandUnsafe

この画面を見たら即、操作中断を！ 親切を装って「遠隔操作アプリ」をインストールさせようとする手口に要注意【読めば身に付くネットリテラシー】 - INTERNET Watch
https://internet.watch.impress.co.jp/docs/column/netliteracy/2000035.html

『「よく分からないけど親切に説明してくれているから」と言いなりになってアプリをインストールしてしまうのではくなく、「インストールするように言われたこのアプリは危ない！　前に見たやつだ！」と気付くことができれば、詐欺の被害を回避できる可能性が大きく高まります。今回は、代表的な遠隔操作アプリを、実際の画面写真とともに紹介』

#TeamViewer #Anydesk

برامج التحكم عن بُعد: دليل شامل للمقارنة بين RustDesk وAnyDesk وTeamViewer

#أدوات_عن_بعد #RustDesk #AnyDesk #TeamViewer #مفتوح_المصدر #Gnutux

https://wp.me/p9aAZ6-c5

Hi @gborn gibt es eigentlich neue Erkenntnisse zum Thema Anydesk? Da gab es ja mal ein miesen Hack bzw kompromittierte Pakete oder Infrastruktur. Sind die wieder sicher? Wie ist die Einschätzung? #security #AnyDesk

Falls ihr #Ubuntu #Linux oder #LinuxMint benutzt und auch #AnyDesk habt, wirft die #Aktualisierungsverwaltung u.U. einen Fehler aus "...[bla] Überprüfen Sie Ihre Internetverbindung".
#Lösung: Anydesk-Paketquelle erneuern:
https://deb.anydesk.com/howto.html

@sesom42 .... ich wollte eben über #AnyDesk ranten 🙈