Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities with seven different custom backdoors since at least September 2021.
ESET's latest discovery of five more previously undocumented backdoors brings into focus an active espionage-oriented threat actor that's constantly refining and retooling its malware arsenal.
"The numerous versions and changes Polonium introduced into its custom tools show a continuous and long-term effort to spy on the group's targets," ESET researcher Matías Porolli said.
DeepCreep - A C# backdoor that reads commands from a text file stored in Dropbox accounts and exfiltrates data.
FlipCreep - A C# backdoor that reads commands from a text file stored in an FTP server and exfiltrates data.
"They like to divide the code in their backdoors, distributing malicious functionality into various small DLLs, perhaps expecting that defenders or researchers will not observe the complete attack chain."
News URL
https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html