NGC4020 Attacks: DameWare Mini Remote Control Vulnerability
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
The Solar 4RAYS team investigated a cyberattack on an industrial company, uncovering that attackers exploited a vulnerability in DameWare Mini Remote Control to deliver malware and disable security protections. The NGC4020 group initially compromised systems in December 2022 using CVE-2019-3980. They deployed Java-based reverse shells, QuasarRAT, and custom malware to disable antivirus software. The attackers used a stolen expired code-signing certificate to load a malicious kernel driver. While they successfully disabled security controls, an error in task creation prevented further attack progression. The report provides technical details on the malware components and evasion techniques used.
OPENCTI LABELS:
vulnerability, reverse shell, quasarrat, antivirus bypass, dameware