New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
2021-05-07 05:56

An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018.

Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for the malware and respond to them," said Kaspersky researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive.

The first reports of Moriya emerged last November when Kaspersky said it discovered the stealthy implant in the networks of regional inter-governmental organizations in Asia and Africa.

Malicious activity associated with the operation is believed to date back to November 2019, with the rootkit persisting in the victim networks for several months after the initial infection.

Rootkits are particularly dangerous because they give attackers high privileges on the system, enabling them to intercept core input/output operations performed by the underlying operating system and blend in with normal activity, which makes the attacker's digital footprints difficult to trace.

"The TunnelSnake campaign demonstrates the activity of a sophisticated actor that invests significant resources in designing an evasive toolset and infiltrating networks of high-profile organizations," Lechtik and Dedola said.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/M93FJhe-tOY/new-stealthy-rootkit-infiltrated.html