
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’
2021-09-09 14:30

The novel backdoor called SideWalk, seen in campaigns targeting US media and retailers late last month, has been tied to an adversary that has been around for quite a while: the China-linked Grayfly espionage group.

According to a report published by Symantec on Thursday, the SideWalk malware has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US and Mexico.

Symantec said that even though the Grayfly APT is sometimes labeled APT41, its researchers consider Grayfly to be a distinct arm of APT41 that's devoted to espionage.

Researchers have seen Grayfly targeting a number of countries in Asia, Europe, and North America across a variety of industries, including food, financial, healthcare, hospitality, manufacturing and telecommunications.

Symantec researchers observed that in the recent SideWalk campaign, Grayfly looked to be particularly interested in attacking exposed Microsoft Exchange or MySQL servers, suggesting that "The initial vector may be the exploit of multiple vulnerabilities against public-facing servers."

The Grayfly attackers executed the malicious SideWalk backdoor after a web shell had been installed on the compromised server.


News URL

https://threatpost.com/sidewalk-backdoor-china-espionage-grayfly/169310/