
Experts Discover Backdoor Deployed on the U.S. Federal Agency's Network
2021-12-20 22:18

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "classic APT-type operation."

"This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply," Czech security company Avast said in a report published last week.

At this stage, only "parts of the attack puzzle" have been uncovered, leaving the door open for a lot of unknowns with regard to the nature of the initial access vector used to breach the network, the sequence of post-exploitation actions taken by the actor, and the overall impact of the compromise itself.

What's known is that the attack was carried out in two stages to deploy two malicious binaries that enabled the unidentified adversary to intercept internet traffic and execute code of their choosing, permitting the operators to take complete control over the infected systems.

Interestingly, not only do both samples masquerade as an Oracle library named "Oci.dll," but the second-stage decryptor deployed during the attack was also found to share similarities with another executable detailed by Trend Micro researchers in 2018, in research that delved into an information theft-driven supply chain attack dubbed "Operation Red Signature" aimed at organizations in South Korea.

The overlaps have led the Avast Threat Intelligence Team to suspect that the attackers have had access to the source code of the latter.


News URL

https://thehackernews.com/2021/12/experts-discover-backdoor-deployed-on.html