Foresttiger

Vulnerability updated a month ago (2024-11-29T14:07:42.908Z)
Download STIX
Preview STIX
ForestTiger is a software vulnerability that has been exploited by threat actors, specifically Diamond Fleet, to compromise system security. The flaw in the software design or implementation has enabled the group to execute malicious activities, primarily through PowerShell scripts to download two payloads from seemingly legitimate infrastructure that they had previously compromised. The exploitation of this vulnerability has been methodically planned and executed, demonstrating the advanced capabilities of the threat actor. The attackers have particularly used ForestTiger Backdoor as one of their main tools for exploiting the identified vulnerability. They have been observed compromising TeamCity servers to deploy this persistent backdoor, named after the vulnerability itself. The ForestTiger Backdoor has been used to run scheduled tasks on the compromised systems, further deepening the extent of the breach and enabling the attackers to maintain a steady grip on the infiltrated systems. One of the key malicious activities facilitated by the ForestTiger Backdoor is the dumping of LSASS (Local Security Authority Subsystem Service) credentials from memory. This operation allows the attacker to gain access to sensitive user authentication information, thereby posing a significant threat to data security. The use of ForestTiger vulnerability and its associated backdoor underscores the need for robust cybersecurity measures to protect against such sophisticated threats.
Description last updated: 2024-05-04T21:19:54.877Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Teamcity
Backdoor
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Diamond Sleet Threat Actor is associated with Foresttiger. Diamond Sleet, a threat actor linked to North Korea, has been identified as a significant cybersecurity concern. This group, also known as Selective Pisces, has targeted various sectors including media, defense, and IT organizations. The advanced persistent threat (APT) group is known for its supplyUnspecified
2
Source Document References
Information about the Foresttiger Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more