The group employs a custom ShadowPad IIS Listener module to transform compromised servers into a resilient, distributed relay network. This approach allows attackers to route malicious traffic through victim infrastructure, effectively turning hacked organizations into a mesh of command-and-control nodes. The operation begins by exploiting long-standing vulnerabilities, specifically ASP.NET ViewState deserialization and SharePoint flaws such […]
The post Chinese Hackers Using Custom ShadowPad IIS Listener Module to Turn Compromised Servers into Active Nodes appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: