top of page
  • Clipeus

Previously Unseen Web Shell Targets Afghanistan

On 22 November 2023, Kaspersky's Securelist released a report on a previously unseen web shell that, according to Kaspersky's telemetry, targeted an unspecified entity within the Afghan government.


The Kaspersky report highlights the vector as a dynamic link library (DLL) named hrserv.dll, displaying the ability to initiate in-memory execution and employing anti-forensic techniques.


Variants of this malicious DLL have been identified dating back to 2021, suggesting prolonged development. However, attribution remains unknown. While Kaspersky notes the actor may be financially motivated, the analysis also suggests behavior consistent with an advanced persistent threat, potentially an unidentified state-sponsored actor linked to a government yet to be identified.


Kaspersky's analysis of the malicious code reveals interesting idiosyncrasies, including typos in English language text strings. Additionally, parameters used in the hrserv.dll file specify that the Google search interface should be displayed in English, but the search results should be displayed in Traditional Chinese.

Recent Posts

See All

AcidPour Wiper Targets Linux Devices in Ukraine

A new iteration of the AcidRain wiper malware, dubbed AcidPour, has been identified by SentinelOne's threat intelligence division, SentinelLabs. AcidRain, linked to Russian military intelligence, gain

Comentários


Os comentários foram desativados.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page