
A highly persistent threat actor has been conducting a series of cyber intrusion attacks, exploiting IIS servers to infiltrate victims' networks.

  • The new APT hacking group targets Microsoft IIS servers.
  • Israeli cybersecurity firm Sygnia is tracking the stealthy adversary under the moniker “Praying Mantis” or “TG1021”.


The group, which Sygnia is calling “Praying Mantis” or “TG1021,” uses “a variety of deserialisation exploits targeting Windows IIS servers and vulnerabilities targeting web applications” and “a completely volatile and custom malware framework tailor-made for IIS servers.”

IIS (Internet Information Services) is a web server on the Windows operating system.

“TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is entirely volatile, reflectively loaded into an affected machine's memory and leaves little to no trace on infected targets,” said the researchers. “The threat actor also utilizes an additional stealthy backdoor and several post-exploitation modules to perform network reconnaissance, elevate privileges, and move laterally within networks.”


The vulnerabilities exploited by the actor include:

  • Checkbox Survey RCE Exploit (CVE-2021-27852)
  • VIEWSTATE Deserialization Exploit
  • Alt Serialization Insecure Deserialization
  • Telerik-UI Exploit (CVE-2019-18935 and CVE-2017-11317)
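The ViewState deserialization exploits listed above only work when IIS accepts a ViewState blob the attacker built, i.e. when MAC validation is switched off or the site's machineKey has leaked. The following checker, added here as an illustration and not part of the Sygnia research or any project, audits an ASP.NET web.config for exactly those weak settings; the sample config is constructed.

```python
"""Audit an ASP.NET web.config for settings that weaken ViewState integrity.

A forged ViewState is only accepted when enableViewStateMac is false or the
attacker knows the static machineKey, so both conditions are flagged here.
"""
import xml.etree.ElementTree as ET

# Constructed sample web.config: MAC validation disabled, unencrypted
# ViewState, and static (rotatable) keys hard-coded in the file.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewStateMac="false" viewStateEncryptionMode="Never" />
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""

# Constructed hardened sample: MAC enforced, keys auto-generated per app.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <pages enableViewStateMac="true" viewStateEncryptionMode="Always" />
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>
"""


def audit_viewstate(config_xml: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing weak was found."""
    findings = []
    root = ET.fromstring(config_xml)
    # iter() also reaches <pages>/<machineKey> nested under <location> blocks.
    for pages in root.iter("pages"):
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append("enableViewStateMac=false: unsigned ViewState is accepted")
        if pages.get("viewStateEncryptionMode", "Auto") == "Never":
            findings.append("viewStateEncryptionMode=Never: ViewState contents are readable")
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            if not mk.get(attr, "AutoGenerate").startswith("AutoGenerate"):
                findings.append(f"static {attr} in web.config: rotate it if it may have leaked")
    return findings
```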

According to Sygnia, Praying Mantis uses tactics, techniques, and procedures similar to those of the state-sponsored actor behind the “Copy-Paste Compromises” campaign, which the Australian Cyber Security Centre disclosed in June 2020.

Praying Mantis targeted high-profile public and private entities in two major Western markets. The discovery exemplifies a growing trend of cybercriminals using sophisticated, nation-state attack methods against commercial organisations.

"Continuous forensics activities and timely incident response are essential to identifying and effectively defending networks from attacks by similar threat actors."
