all InfoSec news
Distribution of Remcos RAT Exploiting sqlps.exe Utility of MS-SQL Servers
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab Security Emergency response Center (ASEC) has recently discovered the case of Remcos RAT being installed on poorly managed MS-SQL servers.
Unlike the past attack, the recent case showed the threat actor using sqlps to distribute the malware. Sqlps is SQL Server PowerShell and is included in the SQL Server installation procedure[1]. SQL Server Powershell allows users to use the Powershell cmdlet which is needed to manage SQL Server instances. The attacker exploited this trait in distributing the …
actor ahnlab asec attack case center distribution emergency exploiting malware malware analysis managed ms-sql powershell rat remcos remcos rat response security server servers sql sql server sql servers threat threat actor utility