The Windows logo is not immune to viruses
Dangerous spyware is being smuggled into images by Chinese hackers. Even the recognizable Windows logo is being abused to carry malware these days: attackers managed to hide encrypted malicious code inside an image of it.
According to cybersecurity researchers at Symantec, one such campaign used steganography, a technique for concealing malicious code inside otherwise benign image files.
Antivirus software typically does not flag image files as malicious, which is why the technique is commonly used to evade detection.
Pursuing governments
In this instance, the steganography attacks were carried out by a group known as Witchetty, which is believed to be part of the TA410 group. TA410 has previously targeted US energy suppliers and is thought to be closely linked to the Chinese state-sponsored actor Cicada (also known as APT10).
In February 2022, the organisation launched its most recent campaign, which was directed against at least two Middle Eastern nations.
Additionally, there are reports that an attack on a stock exchange in Africa is still ongoing. Witchetty reduced the likelihood of being discovered by using steganography to conceal an XOR-encrypted backdoor that was hosted on a cloud service. For initial access, the attackers used the known Microsoft Exchange ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-26855, and CVE-2021-27065) to drop webshells on vulnerable endpoints.
The attackers were able to host the payload on a free, reputable service by disguising it in this way, according to Symantec. Downloads from reputable servers like GitHub are much less likely to cause concern than downloads from command-and-control (C&C) servers that are under the control of an attacker.
With the XOR-encrypted backdoor, the threat actors are able to alter files and directories, start and stop processes, modify the Windows Registry, download new malware, steal data, and use the infected endpoint as a C&C server, among other things.
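A defender-side check for the evasion technique described above, added here as an example (it is not Symantec's or the article's code): it parses a PNG's chunk list, reports any bytes appended after the IEND chunk, and scores their entropy, since an XOR-encrypted blob has the flat byte distribution of ciphertext rather than of image data. The sample image and payload are constructed inline; the PNG format and the appended-payload placement are assumptions, as the article does not say how the image carried the code.

```python
import math
import random
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def trailing_data(png: bytes) -> bytes:
    """Return whatever follows the IEND chunk (a well-formed PNG ends there).
    A payload simply appended to the image shows up here."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + data + CRC
        if ctype == b"IEND":
            return png[pos:]
    raise ValueError("truncated PNG: no IEND chunk")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed blobs sit close to 8.0."""
    n = len(data)
    probs = [data.count(bytes([b])) / n for b in range(256)] if n else []
    return -sum(p * math.log2(p) for p in probs if p)


def scan_png(png: bytes, min_len: int = 64, min_entropy: float = 7.0) -> dict:
    """Flag an image carrying a sizeable, high-entropy blob after IEND."""
    extra = trailing_data(png)
    ent = shannon_entropy(extra)
    return {"trailing_len": len(extra), "entropy": round(ent, 2),
            "suspicious": len(extra) >= min_len and ent >= min_entropy}


# Constructed sample: a 1x1 greyscale PNG, then the same image with a fake
# 2 KiB "encrypted backdoor" appended (random bytes stand in for an
# XOR-encrypted payload, which shows the same flat byte distribution).
_ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
_idat = zlib.compress(b"\x00\x80")  # filter byte + one grey pixel
CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", _ihdr) + _chunk(b"IDAT", _idat) + _chunk(b"IEND", b"")
STEGO_PNG = CLEAN_PNG + random.Random(7).randbytes(2048)
```

Running `scan_png` over both samples flags only `STEGO_PNG`; for other image formats the same idea applies, with the trailer check keyed to that format's end-of-image marker.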
The last time Cicada made headlines was in April 2022, when researchers revealed that the group had used the well-known VLC media player to spread malware and spy on governmental entities and nearby businesses in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.