State hackers' new malware helped them stay undetected for 250 days (Security News, February 2022)
A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.
Details from one attack show that the threat actor spent 175 days on the compromised network.
Symantec researchers analyzing two other attacks determined that the adversary went undetected on the network for as long as 250 days.
Custom tools seen in the same attacks include:
- CheckID: a custom C++ loader based on a similar tool used by the BlackHole RAT.
- NetSessionEnum: a custom SMB session enumeration tool.
Finally, the actors were also observed exploiting CVE-2019-1458, a Win32k elevation-of-privilege flaw, to escalate privileges, and using remotely created scheduled tasks to execute the backdoor.
In the attacks dissected by Symantec's analysts, xPack was initially used to collect basic system information and running processes, and then for dumping credentials.
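Remotely scheduled task execution of the kind described above leaves a correlatable trace on the target host: the task-creation event (Windows Security event 4698) is recorded under the same logon ID that the preceding network logon (event 4624, LogonType 3) created. The script below is an added example written for this page, not code from the article, from Symantec, or from the Antlion toolset. The event records in it are constructed samples in the shape of 4624/4698 data, and the field names (`TargetLogonId`, `SubjectLogonId`, `LogonType`, `TaskContent`) are the standard ones for those events; 4698 only appears if the "Audit Other Object Access Events" subcategory is enabled.

```python
"""Hunt for scheduled tasks created over a network logon.

Joins 4698 (task created) to 4624 (logon) on the logon ID, keeping only
logons of type 3 (network: SMB, RPC such as the scheduler pipe used by
schtasks /s).  Example code added for this page; events are constructed
samples, not real telemetry.
"""
import xml.etree.ElementTree as ET

NETWORK_LOGON = "3"  # 4624 LogonType 3 = network logon

# Constructed task definition, the shape schtasks writes into 4698 TaskContent.
_TASK_XML = (
    '<Task version="1.2" '
    'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    '<Actions Context="Author"><Exec>'
    "<Command>C:\\Windows\\Temp\\update.exe</Command><Arguments>-s</Arguments>"
    "</Exec></Actions></Task>"
)

# Constructed sample events (not real logs).  A remote operator logs on over
# the network (type 3) and creates a task; a local admin (type 2) creates one
# from the console and should not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetLogonId": "0x3e7a1", "LogonType": NETWORK_LOGON,
     "IpAddress": "10.0.0.25", "TargetUserName": "svc-backup"},
    {"EventID": 4698, "SubjectLogonId": "0x3e7a1", "SubjectUserName": "svc-backup",
     "TaskName": "\\Microsoft\\Windows\\Update\\WinUpdate", "TaskContent": _TASK_XML},
    {"EventID": 4624, "TargetLogonId": "0x1a2b3", "LogonType": "2",
     "IpAddress": "-", "TargetUserName": "localadmin"},
    {"EventID": 4698, "SubjectLogonId": "0x1a2b3", "SubjectUserName": "localadmin",
     "TaskName": "\\Backup", "TaskContent": _TASK_XML},
]


def extract_commands(task_xml):
    """Return 'command arguments' strings for every <Exec> action in a task.

    Tags are matched by local name so the task namespace (or its absence)
    does not matter.
    """
    root = ET.fromstring(task_xml)
    commands = []
    for element in root.iter():
        if element.tag.rsplit("}", 1)[-1] != "Exec":
            continue
        command, arguments = "", ""
        for child in element:
            name = child.tag.rsplit("}", 1)[-1]
            if name == "Command":
                command = (child.text or "").strip()
            elif name == "Arguments":
                arguments = (child.text or "").strip()
        commands.append((command + " " + arguments).strip())
    return commands


def find_remote_task_creations(events):
    """Return one finding per 4698 whose logon ID belongs to a type-3 4624."""
    # Index network logons by the ID later events are recorded under.
    network_logons = {
        ev["TargetLogonId"]: ev
        for ev in events
        if ev["EventID"] == 4624 and ev.get("LogonType") == NETWORK_LOGON
    }
    findings = []
    for ev in events:
        if ev["EventID"] != 4698:
            continue
        logon = network_logons.get(ev["SubjectLogonId"])
        if logon is None:
            continue  # local logon, or the 4624 is outside the window
        findings.append({
            "task": ev["TaskName"],
            "user": ev["SubjectUserName"],
            "source_ip": logon["IpAddress"],
            "commands": extract_commands(ev["TaskContent"]),
        })
    return findings


if __name__ == "__main__":
    for hit in find_remote_task_creations(SAMPLE_EVENTS):
        print(f"{hit['source_ip']} as {hit['user']} created {hit['task']} "
              f"running {hit['commands']}")
```

Matching on the logon ID rather than on user name is what makes this usable: a legitimate administrator and a remote operator may share an account, but only the network logon carries the source address. If the 4624 has already rolled out of the log, the task is dropped silently, so on a real estate the join window should be wide or the 4624s forwarded first.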
Related Vulnerability
| Date | CVE | Vulnerability | CVSS |
|---|---|---|---|
| 2019-12-10 | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability: an elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | 7.8 |