Novel Use of "mount" Spotted in Hikvision Attacks
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Attackers are exploiting CVE-2021-36260, a command injection vulnerability in Hikvision devices, using a novel technique involving the 'mount' command as a GTFOBin. This method allows them to mount a remote NFS share and execute malicious files, bypassing common network signatures. The technique has been added to VulnCheck's go-exploit framework. The attacks originate from specific IP addresses and utilize Mirai-like payloads. Over one million potentially vulnerable internet-facing targets are still exposed, making this exploit highly viable for internal pivots or building proxy networks. Advanced threat actors like Flax Typhoon and Fancy Bear have been associated with exploiting this vulnerability.
OPENCTI LABELS :
mirai,command injection,nfs,go-exploit,mount,gtfobin,hikvision,cve-2021-36260
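
A defender-side check for the technique summarized above, as an added example that is not part of the original report: since the payload is pulled from a remote NFS share, cameras that start talking rpcbind (111) or NFS (2049) to hosts outside an approved list are worth alerting on. The camera subnet, approved storage host, flow-record format and sample flows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumptions for this example (not from the report): camera VLAN and approved storage host.
CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")
APPROVED_NFS = {ipaddress.ip_address("10.20.0.250")}
# rpcbind/portmapper (111) and NFS (2049); an NFSv3 mount usually touches both.
NFS_PORTS = {111, 2049}

# Constructed sample flow records: time, src, dst, dst_port, proto.
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z,10.20.0.15,10.20.0.250,2049,tcp
2024-01-01T00:00:05Z,10.20.0.15,203.0.113.7,111,udp
2024-01-01T00:00:06Z,10.20.0.15,203.0.113.7,2049,tcp
2024-01-01T00:00:09Z,10.20.0.31,198.51.100.4,443,tcp
2024-01-01T00:00:12Z,10.30.0.8,203.0.113.7,2049,tcp
"""

def find_camera_nfs_egress(flow_text):
    """Return one alert per (camera, server) pair for unapproved NFS/rpcbind flows."""
    alerts = {}
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, port, _proto = row
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Only flows initiated by cameras toward NFS-related ports are of interest.
        if src_ip not in CAMERA_NET or int(port) not in NFS_PORTS:
            continue
        # Traffic to the approved recorder/storage host is expected.
        if dst_ip in APPROVED_NFS:
            continue
        entry = alerts.setdefault((src, dst), {"first_seen": ts, "ports": set()})
        entry["ports"].add(int(port))
    return [
        {"camera": s, "server": d, "first_seen": v["first_seen"],
         "ports": sorted(v["ports"])}
        for (s, d), v in sorted(alerts.items())
    ]

if __name__ == "__main__":
    for alert in find_camera_nfs_egress(SAMPLE_FLOWS):
        print(alert)
```

The same rule translates directly into an egress firewall policy: cameras rarely need NFS at all, so blocking ports 111 and 2049 from the camera VLAN to anything but approved storage removes the delivery path as well as detecting it.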