2022-02-22

Emissary Panda Attack Insight

Level: 
Tactical
  |  Source: 
HVS-Consulting
Share:

Emissary Panda Attack Insight

Industry: N/A | Level: Tactical | Source: HVS-Consulting

A case study was provided by HVS Consulting's report, detailed a nine-month campaign threat group, Emissary Panda conducting in three distinct phases;

  1. Initial compromise with privilege escalation, lateral movement and data exfiltration
  2. Maintaining persistence and moving through the environment
  3. Attackers collecting and exfiltrated additional data

HVS, assessed major vulnerabilities for 2021 including ProxyLogon, Confluence and Log4Shell. ProxyLogon became the more widely exploited vulnerability following the discovery of additional Exchange vulnerabilities such as ProxyShell. Threat actors that have exploited Exchange vulnerabilities included Hafnium, Emissary Panda, Fancy Bear and Winnti Group.

  • Anvilogic Scenario: APT27/Emissary Panda
  • Anvilogic Use Cases:
  • Potential ProxyShell
  • Potential Confluence: CVE-2021-26084
  • Potential CVE-2021-44228 - Log4Shell
  • Msiexec Abuse
  • New AutoRun Registry Key

Get trending threats published weekly by the Anvilogic team.

Sign Up Now