Between 29 May 2019 and 2 June 2019, CYFIRMA Threat Intelligence observed Korean- and Mandarin-speaking hackers showing intense interest in the NGINX web server in the hacker community.
Under the active campaign “LongNeck”, hackers carried out a global reconnaissance exercise to discover systems susceptible to vulnerabilities in the NGINX web server/reverse proxy system. Hackers have successfully built the exploit “Face-NGINX” to target the susceptible systems.
The primary motive of the exploit is to exfiltrate sensitive data and to cause operational disruption and reputational damage.
On 13 November 2018, CTI observed hacker conversations on the dark web suggesting global reconnaissance, namely “NGUME” and “LongNeck”, to identify vulnerable NGINX web servers. We also suspect that malware authors are building a Denial of Service exploit, named Face-NGINX.
CYFIRMA Risk Rating for this Out of Band Notification is: LOW
Analysis of captured hackers’ footprints and correlation with external threat vectors indicates that this is a potential threat, and your organization is advised to take precautionary measures as highlighted in this report.