Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies

    justmattgBy justmattgJune 10, 2023No Comments3 Mins Read

    [ad_1]

    Jun 10, 2023Ravie LakshmananCyber Attack / Malware

    SPECTRALVIPER Backdoor

    Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER.

    “SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory manipulation, and token impersonation capabilities,” Elastic Security Labs said in a Friday report.

    The attacks have been attributed to an actor it tracks as REF2754, which overlaps with a Vietnamese threat group known as APT32, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus.

    Meta, in December 2020, linked the activities of the hacking crew to a cybersecurity company named CyberOne Group.

    Cybersecurity

    In the latest infection flow unearthed by Elastic, the SysInternals ProcDump utility is leveraged to load an unsigned DLL file that contains DONUTLOADER, which, in turn, is configured to load SPECTRALVIPER and other malware such as P8LOADER or POWERSEAL.

    SPECTRALVIPER is designed to contact an actor-controlled server and awaits further commands while also adopting obfuscation methods like control flow flattening to resist analysis.

    SPECTRALVIPER Backdoor

    P8LOADER, written in C++, is capable of launching arbitrary payloads from a file or from memory. Also used is a purpose-built PowerShell runner named POWERSEAL that’s equipped to run supplied PowerShell scripts or commands.

    REF2754 is said to share tactical commonalities with another group dubbed REF4322, which is known to primarily target Vietnamese entities to deploy a post-exploitation implant referred to as PHOREAL (aka Rizzo).

    The connections have raised the possibility that “both REF4322 and REF2754 activity groups represent campaigns planned and executed by a Vietnamese state-affiliated threat.”

    UPCOMING WEBINAR

    🔐 Mastering API Security: Understanding Your True Attack Surface

    Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

    Join the Session

    The findings come as the intrusion set dubbed REF2924 has been tied to yet another piece of malware called SOMNIRECORD that employs DNS queries to communicate with a remote server and bypass network security controls.

    SOMNIRECORD, like NAPLISTENER, makes use of existing open source projects to hone its capabilities, enabling it to retrieve information about the infected machine, list all running processes, deploy a web shell, and launch any executable already present in the system.

    “The use of open source projects by the attacker indicates that they are taking steps to customize existing tools for their specific needs and may be attempting to counter attribution attempts,” the company said.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleDOS Attacks Dominate, but System Intrusions Cause Most Pain
    Next Article New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑