CyberManipal.

Tech news from MIST

Hacker 'Praying Mantis' targets Microsoft web servers, says Sygnia

Somya Bansal

August 2, 2021

According to Sygnia, a cybersecurity technology and services provider, the hacker “Praying Mantis” or “TG1021” is targeting Windows Internet Information Services (IIS) servers using a variety of deserialization exploits, web application vulnerabilities and a completely volatile, custom malware framework tailor-made for IIS servers. The Tel Aviv-based firm also suggested that users should patch .NET deserialization vulnerabilities and look for suspicious activity on web-facing Microsoft IIS servers.

The malware, dubbed NodeIISWeb by Sygnia, is highly familiar with the Windows IIS software and equipped with zero-day exploits. It intercepts and handles HTTP requests the server receives, adding backdoor and post-exploitation modules for network reconnaissance, credential harvesting and lateral movement inside networks. The state-sponsored hacker “Copy-Paste Compromises” used similar tactics, techniques and procedures. Praying Mantis targeted high-profile public and private entities in major Western markets, which was followed by attacks on commercial organisations allegedly sponsored by other nations.

Even with Microsoft's large portfolio of security products and services, Microsoft channel partners must turn to other vendors to provide high-level protection to customers. A robust cybersecurity portfolio and not overpromising are the requirements for managed service providers in 2021. Microsoft products have seen a flurry of high-profile attacks this year. Microsoft is seeing “accelerated demand” for its “end-to-end” cybersecurity solutions. This has helped it gain recognition from analysts in more categories than any other vendor. Satya Nadella said that Microsoft’s momentum around security is reflected in its sales growth.

Abridged from The CRN
