Security News > 2022 > September > Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments.

Symantec's latest analysis of attacks between February and September 2022, during which the group targeted the governments of two Middle Eastern countries and the stock exchange of an African nation, highlights the use of a new backdoor called Stegmap.

The new malware leverages steganography - a technique used to embed a message in a non-secret document - to extract malicious code from a bitmap image of an old Microsoft Windows logo hosted on a GitHub repository.

"Downloads from trusted hosts such as GitHub are far less likely to raise red flags than downloads from an attacker-controlled command-and-control server."

Stegmap, like any other backdoor, has an extensive array of features that allows it to carry out file manipulation operations, download and run executables, terminate processes, and make Windows Registry modifications.

Attacks that lead to the deployment of Stegmap weaponize ProxyLogon and ProxyShell vulnerabilities in Exchange Server to drop the China Chopper web shell, that's then used to carry out credential theft and lateral movement activities, before launching the LookBack malware.

News URL

https://thehackernews.com/2022/09/cyber-attacks-against-middle-east.html