Cyberspies target military organizations with new Nebulae backdoor
A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations in Southeast Asia.
Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.
Backdoor used for persistence backup after detection.
During their attacks, Naikon abused legitimate software to side-load the second-stage malware dubbed Nebulae, which is likely used to achieve persistence, according to research published today by security researchers at Bitdefender's Cyber Threat Intelligence Lab.
"The data we obtained so far tell almost nothing about the role of the Nebulae in this operation, but the presence of a persistence mechanism could mean that it is used as backup access point to victim in the case of a negative scenario for actors," Bitdefender researcher Victor Vrabie said.
In the same series of attacks, the Naikon threat actors also delivered first-stage malware known as RainyDay or FoundCore, which was used to deploy second-stage payloads and tools for various purposes, including the Nebulae backdoor.