New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
27 November 2023
The attack chain involves the PAExec remote administration tool, an alternative to PsExec that's used as a launchpad to create a scheduled task that masquerades as 'MicrosoftsUpdate' which subsequently is configured to execute a Windows batch script.