Fuckyouwaf a campaign against waf from APT27

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

Security researchers have identified a new campaign called 'Fuckyouwaf' attributed to APT27/Threat Group-3390, targeting shops in China and Europe. The attack exploits PbootCMS vulnerabilities to bypass Web Application Firewalls and deploy webshells. The campaign uses obfuscated PHP payloads disguised as ZIP files and GIF images, along with a Go-based trojan called 'ak47' for command and control operations. The analysis includes detailed indicators of compromise, YARA detection rules, and attribution evidence linking the campaign to known APT27 infrastructure.

Fuckyouwaf - Apt27 new chapter

Get AptXXhunter’s stories in your inbox