Historical OSINT - iPowerWeb Hacked Hundreds of Web Sites Affected
In 2008 it became evident that a widespread malware-embedded attack took place successfully affecting hundreds of iPowerWeb customers potentially exposing hundreds of legitimate Web sites to a multi-tude of malicious software courtesy of a well known Russian Business Network's hosting provider - HostFresh.In this post we'll profile the campaign provide actionable intelligence on the infrastructure behind it and discuss in-depth the tactics techniques and procedures of the cybercriminals behind it. We'll also establish a direct connection between the campaign's infrastructure and the Russian Business Network.
Malicious URL: hxxp://58.65.232.33/gpack/index.php
Related malicious URls known to have participated in the campaign - hxxp://58.65.232.25/counter/getexe.php?h=11 hxxp://58.65.232.25/counter/getfile.php?f=pdf
We'll continue monitoring the campaign and post updates as soon as new developments take place.
About Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
