Code injection attacks using publicly disclosed ASP.NET machine keys

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

An unattributed threat actor has been observed exploiting publicly disclosed ASP.NET machine keys to perform ViewState code injection attacks, delivering the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been identified as potentially vulnerable to this attack method. The attack chain involves crafting malicious ViewState data using stolen keys, sending it to the target website via POST request, and executing malicious code on the IIS web server. Microsoft recommends not using publicly available keys and rotating keys regularly, and provides detection and mitigation strategies. Affected organizations should investigate for possible backdoors or persistence methods established by threat actors.
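One way to audit for the exposure described above, as an added example that is not part of the original report or Microsoft's tooling: it parses a `web.config`, reports any hard-coded `machineKey` values, and flags those whose SHA-256 fingerprint appears in a denylist. The denylist format, the function names and all key values are assumptions constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: web.config with a hard-coded machine key (values are made up).
SAMPLE_STATIC = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed sample: keys left to the framework to generate per application.
SAMPLE_AUTO = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""


def key_fingerprint(key_hex):
    """SHA-256 of the normalized key string, so raw keys need not be stored."""
    return hashlib.sha256(key_hex.strip().upper().encode("utf-8")).hexdigest()


# Hypothetical denylist of fingerprints of publicly disclosed keys (assumption:
# maintained locally; the single entry is the made-up validation key above).
DISCLOSED = {
    key_fingerprint("0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF")
}


def audit_web_config(xml_text, disclosed=DISCLOSED):
    """Return (attribute, severity) for every hard-coded machine key found."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches machineKey elements nested under <location> blocks.
    for mk in root.iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = mk.get(attr, "AutoGenerate")
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue  # generated by the framework, not a static secret
            severity = "disclosed" if key_fingerprint(value) in disclosed else "static"
            findings.append((attr, severity))
    return findings


if __name__ == "__main__":
    print(audit_web_config(SAMPLE_STATIC))
    print(audit_web_config(SAMPLE_AUTO))
```

A "disclosed" finding means the key should be replaced and the server investigated; a "static" finding is a candidate for rotation.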

OPENCTI LABELS :

godzilla,viewstate,post-exploitation,iis,web servers,code injection,asp.net,machine keys


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Code injection attacks using publicly disclosed ASP.NET machine keys