BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor
Aug. 2, 2024, 10:01 a.m.
Description
Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for data theft, remote execution, and persistence. Notably, BITSLOTH contains 35 distinct command handlers for tasks like keylogging, screen capture, discovery, enumeration, and command execution. Analysis suggests the malware has been under development since 2021 by actors potentially associated with Chinese-speaking individuals or groups.
Tags
Date
- Created: Aug. 2, 2024, 9:57 a.m.
- Published: Aug. 2, 2024, 9:57 a.m.
- Modified: Aug. 2, 2024, 10:01 a.m.
Indicators
- dfb76bcf5a3e29225559ebbdae8bdd24f69262492eca2f99f7a9525628006d88
- 4a4356faad620bf12ff53bcfac62e12eb67783bd22e66bf00a19a4c404bf45df
- 4fb6dd11e723209d12b2d503a9fcf94d8fed6084aceca390ac0b7e7da1874f50
- 0f9c0d9b77678d7360e492e00a7fa00af9b78331dc926b0747b07299b4e64afd
- 0944b17a4330e1c97600f62717d6bae7e4a4260604043f2390a14c8d76ef1507
- 45.116.13.178
- 15.235.132.67
- 216.238.121.132
Attack Patterns
- BITSLOTH
- T1564.006
- T1085
- T1053.005
- T1197
- T1056.001
- T1113
- T1070
- T1106
- T1082
- T1090
Additional Information
- Government