AhnLab Security Intelligence Center analyzed attacks on Windows web servers during Q2 2025 using its Smart Defense infrastructure. The study focused on poorly managed servers, categorizing attack types and malware strains. It revealed that multiple threat actors often target vulnerable servers simultaneously, exploiting unpatched systems or misconfigurations. Attackers typically use file upload vulnerabilities to deploy web shells and execute commands, but may also exploit framework or Web Application Server weaknesses. The analysis provides detailed statistics on the number of affected systems and the frequency of attacks, offering insights into the current threat landscape for Windows-based web servers.
Author: AlienVault
Related Tags:
apache tomcat
web servers
iis
WogRAT
vulnerabilities
remote code execution
T1021.001
T1505.003
T1072
Associated Indicators:


