Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/zeljkazorz/statuses/113963936592147097">Zeljka Zorz (zeljkazorz@infosec.exchange)'s status on Saturday, 08-Feb-2025 03:14:08 JST</a><a href="https://infosec.exchange/@zeljkazorz" title="zeljkazorz@infosec.exchange"><img src="https://gnusocial.jp/avatar/168521-48-20241001234628.webp" width="48" height="48" alt="Zeljka Zorz" style="position: absolute; left: 0; top: 0;">Zeljka Zorz</a><div><a href="https://gnusocial.jp/notice/8862279" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/105742" title="buherator@infosec.place">buherator</a></li><li><a href="https://gnusocial.jp/user/278335" title="screaminggoat@infosec.exchange">screaminggoat</a></li><li><a href="https://gnusocial.jp/user/326562" title="buherator@infosec.exchange">buherator</a></li></ul></div></section><article><p><a href="https://infosec.place/users/buherator">@buherator@infosec.place</a> <a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> <a href="https://infosec.exchange/@screaminggoat">@screaminggoat</a> </p><p>Symantec says their protection bulletin was prompted by the AhnLab blog post. </p><p>I believe <a href="https://infosec.exchange/@buherator">@buherator</a> is right. Whether Microsoft found a continuation of the same campaign, with a slightly different approach / toolset, is impossible to tell.</p><p>Judging by the capabilities provided by the Godzilla post-exploitation framework and the Godzilla webshell, I wold venture to say that they are one and the same, only Microsoft used that particular expression (and did not elaborate on it, which means they expect the readers to be familiar with it already - i.e., it's known and documented).</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4523789#notice-8862283">In conversation</a><time datetime="2025-02-08T03:14:08+09:00" title="Saturday, 08-Feb-2025 03:14:08 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@zeljkazorz/113963936592147097" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@zeljkazorz/113963936592147097">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Zeljka Zorz (zeljkazorz@infosec.exchange)'s status on Saturday, 08-Feb-2025 03:14:08 JSTZeljka Zorz
in reply to
@buherator@infosec.place @GossiTheDog @screaminggoat
Symantec says their protection bulletin was prompted by the AhnLab blog post.
I believe @buherator is right. Whether Microsoft found a continuation of the same campaign, with a slightly different approach / toolset, is impossible to tell.
Judging by the capabilities provided by the Godzilla post-exploitation framework and the Godzilla webshell, I wold venture to say that they are one and the same, only Microsoft used that particular expression (and did not elaborate on it, which means they expect the readers to be familiar with it already - i.e., it's known and documented).
In conversationabout 3 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice