Security News > 2021 > May > New Moriya rootkit used in the wild to backdoor Windows systems
An unknown threat actor used a new stealthy rootkit to backdoor targeted Windows systems what looks like an ongoing espionage campaign dubbed TunnelSnake going back to at least 2018.
Rootkits are malicious tools designed to evade detection by burying deep into the operating system and used by attackers to fully take over infected systems while avoiding detection.
The previously unknown malware, dubbed Moriya by Kaspersky researchers who discovered it in the wild, is a passive backdoor that enables attackers to covertly spy on their victims' network traffic and send commands to compromised hosts.
The threat actor used backdoored systems belonging to Asian and African diplomatic entities and other high-profile organizations to gain control of their networks and maintain persistence for months without being detected.
"We also found an older version of Moriya used in a stand-alone attack in 2018, which points to the actor being active since at least 2018," Giampaolo Dedola, a senior security researcher at Kaspersky's Global Research and Analysis Team, added.
In October, Kaspersky also found the second-ever UEFI rootkit used in the wild while investigating attacks from 2019 against two non-governmental organizations.