Analysis of Attack Case Installing VPN on Korean ERP Server
released on 2024-06-17 @ 11:19:25 AM
This analysis examines an attack where a threat actor compromised a Korean company's ERP server, initially accessing it through a poorly secured MS-SQL service. The actor installed a web shell, stole credentials, and ultimately set up SoftEther VPN on the server, likely to use it as part of a command-and-control infrastructure. Proper password management and restricting external access could have prevented this incident.