Advisory 2020-008: Copy-paste compromises – tactics, techniques and procedures used to target …

Given that the vast majority of software development is copy-paste and/or including someone else’s library, this name isn’t going to be unique. This is the article that has all the details and Indicators of Compromise (IoCs):

The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.

The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure — primarily through the use of a remote code execution vulnerability in unpatched versions of Telerik UI. Other vulnerabilities in public-facing infrastructure leveraged by the actor include exploitation of a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability.


Original article here