Tag: backdoors

9 Attack Reports | 0 Vulnerabilities

Attack reports

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

China-nexus espionage group UNC3886 has been discovered deploying custom backdoors on Juniper Networks' Junos OS routers. The attackers used TINYSHELL-based backdoors with varying capabilities, including active and passive functions, and an embedded script to disable logging. The group demonstrated…
espionage
persistence
medusa
backdoors
routers
gobrat
china-nexus
2025-03-12
reptile
tinyshell
pithook
network infrastructure
juniper
seaelf
busybox
ghosttown
Published: March 12, 2025
Downloadable IOCs: 13

Malicious Packages Identified in the Wild: Insights and Trends from November 2024 Onward

FortiGuard Labs has analyzed malicious software packages detected from November 2024 to March 2025, revealing various attack techniques used to exploit system vulnerabilities. Key findings include 1,082 packages with low file counts, 1,052 packages with suspicious install scripts, and 1,043 package…
obfuscation
python
typosquatting
node.js
backdoors
data exfiltration
vulnerability exploitation
2025-03-10
install scripts
software packages
Published: March 10, 2025
Downloadable IOCs: 11

Pacific Rim timeline: Information for defenders from a braid of interlocking attack campaigns

Sophos unveils a five-year investigation tracking China-based threat actors targeting perimeter devices, particularly Sophos firewalls. The report details multiple attack campaigns, including Asnarök, Bookmark Buffer Overflow, and Covert Channels, which exploited zero-day vulnerabilities to gain ac…
sliver
gh0st rat
backdoors
critical infrastructure
2024-10-31
rootkits
CVE-2020-29574
onderon
CVE-2020-15069
CVE-2022-1040
government agencies
perimeter devices
CVE-2020-12271
cloud snooper
libsophos.so
china-based threat actors
CVE-2022-3236
asnarök
zero-day vulnerabilities
asia-pacific targets
CVE-2022-1292
Published: October 31, 2024
Downloadable IOCs: 0

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

This report provides a comprehensive analysis of the toolset used by the Russia-aligned Gamaredon APT group to conduct cyberespionage activities against Ukraine in 2022 and 2023. The group has been active since 2013 and is currently the most prolific threat actor targeting Ukrainian governmental in…
apt
backdoors
stealers
2024-09-27
Published: September 27, 2024
Downloadable IOCs: 50

A glimpse into the next moves and associated botnets

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …
evasion
backdoors
xlogin
botnets
routers
2024-09-10
hammertoss
axlogin
fsynet
hammerduke
stealth
alogin
updtae
zylogin
netduke
rlogin
Published: September 10, 2024
Downloadable IOCs: 11

A glimpse into the Quad7 operators’ next moves and associated botnets

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …
evasion
backdoors
xlogin
botnets
routers
2024-09-10
hammertoss
axlogin
fsynet
hammerduke
stealth
alogin
updtae
zylogin
netduke
rlogin
Published: September 10, 2024
Downloadable IOCs: 0

Strike Ready: Introducing the Bitter APT Group

The report provides an in-depth analysis of the Bitter APT Group, a threat actor primarily focusing on cyber espionage activities in South Asia. It details the group's tactics, techniques, and procedures, including their ability to bypass security technologies by leveraging obscure file formats and…
espionage
persistence
infostealers
backdoors
2024-08-19
olmapi32.dll
scm.exe
stom.jpg
sparrow.jpg
schs.exe
orpcbackdoor
figlio.exe
sstn.exe
payloads
searchapp.jpg
Published: August 19, 2024
Downloadable IOCs: 82

Suspected Cyber Espionage Campaign Targeting Global Organizations

An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade…
CVE-2024-3400
exploitation
cyberespionage
backdoors
2024-07-17
sparkrat
pantegana
intergovernmental
opensource
Published: July 17, 2024
Downloadable IOCs: 25

Operation Specter: An Active Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

An analysis reveals long-term espionage operations by a Chinese advanced persistent threat (APT) group against at least seven governmental entities across the Middle East, Africa and Asia since late 2022. The threat actor attempts to obtain sensitive and classified information about diplomatic and …
cyberespionage
2024-05-23
CVE-2021-34473
gh0st rat
moudoor
mydoor
tunnelspecter
email-exfiltration
sweetspecter
embassies
backdoors
CVE-2021-26855
geopolitics
Published: May 23, 2024
Downloadable IOCs: 28
Click here to see more Attack Reports