Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
A threat actor known as ‘Blue Mockingbird’ targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The flaw leveraged by the attacker is CVE-2019-18935, a critical severity (CVSS v3.1: 9.8) deserialization that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. The same threat actor was seen targeting vulnerable Microsoft IIS servers that used Telerik UI in May 2020, by which time a year had passed since security updates were made available by the vendor. Surprisingly, Sophos researchers reported today that Blue Mockingbird is still leveraging the same flaw to launch cyberattacks, according to their detection data.
Read more about it: here