TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Cyberattacks Targeting South Africa, January through June 2021

2021-09-11

ATT&CK techniques detected

4 predictions
T1190 Exploit Public-Facing Application
77%
"an XML configuration file that is fetched by an infected machine to get command-and-control instructions. Lastly, the /stalker_portal/ scans point to attempts to find open Ministra TV internet protocol television (IPTV) APIs. Ministra TV, also known as Stalker Portal,…"
T1071.001 Web Protocols
70%
"traffic source countries, organizations, services, and IP addresses. Top source traffic countries. Analyzing the geographical sources of the IP addresses, malicious requests came from the following countries, in order: the United States, China, Germany, Estonia, Russia, the U.K.…"
T1190 Exploit Public-Facing Application
61%
"has been known for over four years, but attackers still consider it worth targeting. This aligns with what F5 Labs has seen over the years regarding the “long tail” of exploit scanning. The scanning for open endpoints for an IPTV-related API may simply be an attempt to find f…"
T1190 Exploit Public-Facing Application
55%
"in scanning, GET is expected to be the most common for web probing, and this data set had 55,471 hits. HTTP POSTs came in second at 19,149, and all others at 1,354, as shown in Figure 2. Specific targeted web URLs. One of the most crucial questions for defenders is knowing as m…"

Summary

Cyberattacks on South Africa targeted Scryba, PHP, and CVE-2017-9841 web vulnerabilities.