![]() “This tool is a passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for the malware and respond to them. ![]() Persistence is achieved through the creation of a service named Network Services Manager. To remain under the radar, the Moriya rootkit inspects network packets in kernel mode, drops packets of interest before they could be observed, and does not initiate a server connection, but waits for incoming traffic instead. ![]() Kaspersky’s security researchers believe that the attackers had access to the network since 2018. The attacker managed to maintain persistence for several months after initially deploying the malware, with less than 10 victims identified to date.Īs part of an attack on an additional victim in South Asia, various tools were deployed for lateral movement, including one previously associated with APT1. Kaspersky discovered the rootkit on the networks of regional diplomatic organizations in Asia and Africa and says that the oldest identified instances are dated October 2019. Multiple other tools that show cover overlaps with the rootkit were also found. The rootkit is part of the toolkit used by TunnelSnake, an unknown actor that deploys backdoors onto public servers belonging to the targeted entities. ![]() Researchers at anti-malware vendor Kaspersky are documenting a new, previously unknown Windows rootkit being used in the toolkit of an APT actor currently targetings d iplomatic entities in Asia and Africa.ĭubbed Moriya, the rootkit provides the threat actor with the ability to intercept network traffic and hide commands sent to the infected machines, thus allowing the attackers to stay hidden within the compromised networks for months. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |