New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

A previously unreported web shell known as HrServ is believed to have launched an advanced persistent threat (APT) attack against an unidentified government organization in Afghanistan. “Sophisticated features such as custom encoding methods for client communication and in-memory execution” are displayed by the web shell, a dynamic-link library (DLL) called “hrserv.dll,” according to an investigation published this week by Kaspersky security researcher Mert Degirmenci.

Based on the compilation timestamps of these artifacts, the Russian cybersecurity firm claimed to have discovered malware versions that go all the way back to early 2021. Malicious tools that grant remote control over a compromised server are commonly known as web shells. Once uploaded, it gives threat actors the ability to do a variety of post-exploitation tasks, such as lateral movement, server monitoring, and data theft.

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

25-Nov-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address