North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor
Security Affairs
FEBRUARY 25, 2021
Next, the attackers logged in to the web interface using a privileged root account. It’s unknown how the attackers were able to obtain the credentials for that account, but it’s possible the credentials were saved in one of the infected system’s browser password managers.”
Let's personalize your content