New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
25 November 2023
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack.
The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and in-memory execution,” Kaspersky security researcher Mert