The Initial Access Broker (IAB) referred to as Gold Melody has been linked to a campaign that capitalizes on compromised ASP.NET machine keys to gain illegal entry to organizations and sell that access to other malicious actors.
This activity is being monitored by Palo Alto Networks Unit 42 under the designation TGR-CRI-0045, where “TGR” signifies “temporary group” and “CRI” indicates criminal intent.