High-severity Windows vulnerability leveraged in new OilRig APT attacks

After gaining code execution by running PowerShell commands through a vulnerable web server, OilRig exploits CVE-2024-30088, a Windows kernel elevation-of-privilege flaw, to obtain the SYSTEM-level access needed to register a malicious password filter DLL. Password filters are loaded by LSASS and are handed every password change in plaintext, which lets the group capture credentials as users and administrators rotate them. The intrusion chain also installs the 'ngrok' tunnelling utility for covert command-and-control traffic and targets Microsoft Exchange servers with the previously undocumented 'StealHook' backdoor.
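Because the credential theft described above depends on an extra DLL being listed in the LSA "Notification Packages" registry value, the quickest defensive check is to audit that value on domain controllers and other sensitive hosts. The script below is an added example written for this page, not code from the article or from the researchers who reported the campaign; the baseline package names (scecli, rassfm) are an assumption about a default Windows install and should be adjusted to your own environment.

```powershell
# Added example: audit the LSA password-filter registration point abused in this campaign.
# Run from an elevated PowerShell session on a domain controller or other sensitive host.
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$baseline = @('scecli', 'rassfm')   # assumed defaults; rassfm is normally only present on DCs

# REG_MULTI_SZ of DLL base names that LSASS loads at startup; filters see plaintext passwords.
$packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'

function Test-NotificationPackages {
    foreach ($name in $packages) {
        # Entries are normally bare names resolved from System32; tolerate an explicit .dll suffix.
        $file = if ($name -like '*.dll') { $name } else { "$name.dll" }
        $dll  = Join-Path $env:SystemRoot "System32\$file"

        $status = if ($baseline -contains $name) { 'baseline' } else { 'UNEXPECTED' }
        $sig    = if (Test-Path $dll) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'file missing' }

        [PSCustomObject]@{
            Package   = $name
            Path      = $dll
            Status    = $status
            Signature = $sig
        }
    }
}

# Anything marked UNEXPECTED, or with a signature other than Valid, deserves a look at the
# DLL's creation time, exports (PasswordFilter/PasswordChangeNotify) and any outbound network use.
Test-NotificationPackages | Format-Table -AutoSize
```

Treat an unsigned or unexpectedly signed package as a likely filter, not proof of one: a legitimate third-party password policy product will also show up here, so compare against a known-good baseline captured before the incident. Enabling LSA protection (RunAsPPL) raises the bar, since LSASS then refuses to load DLLs that are not Microsoft-signed, but it does not remove the need to patch CVE-2024-30088, which is what gives the attacker the privileges to write this value in the first place.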

Article Link: High-severity Windows vulnerability leveraged in new OilRig APT attacks | SC Media