ALFA Wordpress attack

This is a remote-access threat launched at WordPress installs: probes for files belonging to the ALFA TEaM PHP web shell.

The following was observed when I was monitoring server logs:

It looks like a "fishing expedition" looking for files related to the ALFA TEaM.


"ALFA TEaM is an Iranian associated group who create various web malware including PHP shells and in the past one such tool, ALFA TEaM Shell, has been used by threat actors like APT 33. APT 33 is a suspected Iranian group that has targeted various industries in the past.

You can read a detailed analysis from FireEye on the group APT 33 and their tactics here."

APT33

APT33 seems to be an Iranian cyber-security group that I have seen making probes on this website. The probes apparently are looking for vulnerabilities in WordPress installations. Seeing as I don't use WordPress, and I have stated why I have problems with WordPress, there is little for me or visitors to this website to be concerned with.

The ALFA attack is an attempt to compromise a WordPress-built website by planting a web shell, so that hostile agents can then make subversive posts or otherwise alter the site.

The ALFA team's process

A snippet from my server log can be seen at the top of this page.
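One way to spot such a fishing expedition in your own access logs, as an added example that is not code from the original page: parse combined-format log lines, count how often each client asks for ALFA-style file names, and look at how many of those requests came back 404 (files that do not exist on the host, which is what a blind probe produces). The log lines are constructed for the example, and the indicator names are an assumption; seed them from what you actually see in your logs.

```python
"""Flag clients probing a web server for ALFA-style web-shell files.

Added example, not code from the original page. SAMPLE_LOG is constructed
and INDICATORS is an assumption for illustration.
"""
import re
from collections import defaultdict

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Path fragments that suggest a hunt for a dropped ALFA shell (assumption:
# adjust to the names the probes on your server actually request).
INDICATORS = ("alfa", "alfa_data", "alfanew")

# Constructed sample log (not from the original page). One client blindly
# probes four ALFA-style paths, one browses normally, one gets an indicator
# path served with 200, which is the case that needs escalation.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/alfa.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /ALFA_DATA/alfacgiapi/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-content/uploads/alfanew.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /alfanew.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /images/logo.png HTTP/1.1" 200 8190 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:02:10 +0000] "GET /robots.txt HTTP/1.1" 404 196 "-" "curl/7.88"
192.0.2.9 - - [10/Oct/2023:14:02:11 +0000] "POST /wp-content/uploads/alfanew.php HTTP/1.1" 200 412 "-" "curl/7.88"
"""


def parse_line(line):
    """Return a dict with ip, ts, method, path, status (int), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_indicator(path):
    """True if the requested path contains one of the indicator fragments (case-insensitive)."""
    lower = path.lower()
    return any(ind in lower for ind in INDICATORS)


def find_fishing_expeditions(log_text, min_hits=3, min_404_ratio=0.5):
    """Return {ip: summary} for clients that either asked for at least
    min_hits indicator paths with a mostly-404 result (a blind probe), or
    had an indicator path answered with 2xx (the shell may really be there)."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "probes": [], "served": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1
        if is_indicator(rec["path"]):
            s["probes"].append(rec["path"])
            if 200 <= rec["status"] < 300:
                s["served"].append(rec["path"])

    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["not_found"] / s["requests"]
        probing = len(s["probes"]) >= min_hits and ratio >= min_404_ratio
        if probing or s["served"]:
            flagged[ip] = {"probes": s["probes"], "served": s["served"], "not_found_ratio": ratio}
    return flagged


if __name__ == "__main__":
    for ip, summary in find_fishing_expeditions(SAMPLE_LOG).items():
        verdict = "SHELL PATH SERVED" if summary["served"] else "blind probe"
        print(f"{ip}: {verdict}, {len(summary['probes'])} indicator requests, "
              f"404 ratio {summary['not_found_ratio']:.2f}")
```

A client that gets only 404s for these names is the "fishing expedition" the log snippet shows and is mostly noise on a site without WordPress; a 2xx on an indicator path means the file exists and is being used, and that host should be treated as compromised until proven otherwise.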

Links

References:

  • APT33: Insights into Iranian Cyber Espionage - https://www.mandiant.com/resources/blog/apt33-insights-into-iranian-cyber-espionage
  • ALFA TEaM v4.1 Web Shell New Features - https://lukeleal.com/research/posts/alfa-shell-4-tesla/
  • APT33 (MITRE ATT&CK G0064) - https://attack.mitre.org/groups/G0064/
  • Looking into Attacks and Techniques Used Against WordPress Sites - https://www.trendmicro.com/en_gb/research/19/l/looking-into-attacks-and-techniques-used-against-wordpress-sites.html
