Naikon used RainyDay for initial intrusion and Nebulae for persistence. (Source: Bitdefender)
A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyberespionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports.
The group used the new backdoor Nebulae to achieve persistence on a network. For initial compromise it first used the Aria-Body loader, then switched to the RainyDay backdoor in September 2020, researchers say. The APT group also deployed data exfiltration tools.
The cyberespionage campaign was conducted between June 2019 and March 2021, Bitdefender reports. "Our research confidently points to an operation conducted by the Naikon group based on the extraction of the C&C [command-and-control] addresses from Nebulae samples. The particular domain dns.seekvibega.com obtained from such a sample points to the Naikon infrastructure," the researchers write.
Analysts Uncover More Servers Used in SolarWinds Attack
Researchers at the security firm RiskIQ say they've discovered more than a dozen previously undocumented command-and-control servers used in the SolarWinds supply chain attack, showing that the cyberespionage operation was much larger than previously identified.
U.S. investigators say the Russian Foreign Intelligence Service, aka SVR, was responsible for the attack.
Many of these command-and-control servers were hosted within the U.S. by cloud infrastructure service providers, including Amazon Web Services, to help the attackers avoid detection and blend in with normal network traffic, RiskIQ says in a new report.
Huawei's AppGallery contained malicious apps (Source: Doctor Web)
Joker malware has targeted more than 500,000 Android devices across the world through malicious apps in AppGallery, the official app store of Huawei, according to the security firm Doctor Web.
The malicious apps offered in Huawei's AppGallery include a fully functioning virtual keyboard, a camera app, a launcher, an online messenger, a sticker collection, coloring programs and a game, Doctor Web notes. Victims who use them are unaware of the malicious activity running in the background.
The malicious Joker apps have been downloaded 538,000 times. Once the malware is installed on an Android device, the attackers use it to subscribe the device to up to 10 premium mobile services at a time. The attacker, who owns the overseas "premium service" to which the victim unknowingly subscribed, then receives the mobile service fees paid via the victim's phone bill.
Joker Malware Targets More Android Devices