Hackers are implanting multiple backdoors at industrial targets in Japan (Security News, March 2021)
Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan.
Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 using previously undocumented malware to deliver up to three payloads: SodaMaster, P8RAT, and FYAnti.
The fresh attacks uncovered by Kaspersky are said to have occurred in January 2021.
Central to the campaign is a malware called Ecipekac that traverses a four-layer "complicated loading schema," making use of four files to "load and decrypt four fileless loader modules one after the other to eventually load the final payload in memory."
While the main purpose of P8RAT and SodaMaster is to download and execute payloads retrieved from an attacker-controlled server, Kaspersky's investigation hasn't yielded any clues as to the exact malware delivered on target Windows systems.
Interestingly, the third payload, FYAnti, is a multi-layer loader module in itself that goes through two more successive layers to deploy a final-stage remote access Trojan known as QuasarRAT. "The operations and implants of the campaign ... are remarkably stealthy, making it difficult to track the threat actor's activities," Kaspersky researcher Suguru Ishimaru said.
Source: http://feedproxy.google.com/~r/TheHackersNews/~3/M8y5bq-NcEM/hackers-are-implanting-multiple.html