
State hackers' new malware helped them stay undetected for 250 days
2022-02-03 15:38

A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.

Details from one attack show that the threat actor spent 175 days on the compromised network.

Symantec researchers analyzing two other attacks determined that the adversary went undetected on the network for as long as 250 days.

CheckID - Custom C++ loader based on a similar tool used by the BlackHole RAT.
NetSessionEnum - Custom SMB session enumeration tool.

Finally, the actors were also observed leveraging CVE-2019-1458 for privilege escalation and remote scheduling that helped execute the backdoor.

In the attacks dissected by Symantec's analysts, xPack was initially used to collect basic system information and running processes, and then for dumping credentials.

News URL

https://www.bleepingcomputer.com/news/security/state-hackers-new-malware-helped-them-stay-undetected-for-250-days/

Related Vulnerability

DATE: 2019-12-10
CVE: CVE-2019-1458
VULNERABILITY TITLE: Unspecified vulnerability in Microsoft products
DESCRIPTION: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
ATTACK VECTOR: local
ATTACK COMPLEXITY: low complexity
VENDOR: microsoft
RISK (CVSS score): 7.8