It looks like an unknown threat actor has used a new and seemingly stealthy rootkit to backdoor targeted Windows systems. The attack looks very similar to the ongoing espionage campaign called TunnelSnake, which goes back to at least 2018.

Rootkits are malicious tools designed to evade detection. They are able to bury themselves deep into the operating system, so attackers can use them to fully take over infected systems while avoiding being caught.

The Moriya malware had previously been unknown until researchers from Kaspersky discovered it in the wild. Moriya enables attackers to spy on their victims’ network traffic and send commands to compromised hosts without being detected.

An important aspect that needs consideration is the way in which the backdoor receives commands. Moriya allowed TunnelSnake operators to capture and analyze incoming network traffic “from the Windows kernel’s address space, a memory region where the operating system’s kernel resides and where typically only privileged and trusted code runs.” The commands come in the form of custom-crafted packets hidden within the victims’ network traffic, without the backdoor having to reach out to a command-and-control server, which adds even more to the operation’s stealth and shows the threat actor’s focus on evading detection, according to a statement made by Mark Lechtik.