A previously unreported web shell known as HrServ is believed to have been used in an advanced persistent threat (APT) attack against an unidentified government organization in Afghanistan. The web shell, a dynamic-link library (DLL) called “hrserv.dll,” displays “sophisticated features such as custom encoding methods for client communication and in-memory execution,” according to an investigation published this week by Kaspersky security researcher Mert Degirmenci.
Based on the compilation timestamps of these artifacts, the Russian cybersecurity firm said it had discovered malware versions that go all the way back to early 2021. Malicious tools that grant remote control over a compromised server are commonly known as web shells. Once uploaded, they give threat actors the ability to carry out a variety of post-exploitation tasks, such as lateral movement, server monitoring, and data theft.