
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers
2022-10-13 07:18

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israeli entities, using seven different custom backdoors, since at least September 2021.

ESET's latest discovery of five more previously undocumented backdoors brings into focus an active espionage-oriented threat actor that's constantly refining and retooling its malware arsenal.

"The numerous versions and changes Polonium introduced into its custom tools show a continuous and long-term effort to spy on the group's targets," ESET researcher Matías Porolli said.

DeepCreep - A C# backdoor that reads commands from a text file stored in Dropbox accounts and exfiltrates data.

FlipCreep - A C# backdoor that reads commands from a text file stored in an FTP server and exfiltrates data.

"They like to divide the code in their backdoors, distributing malicious functionality into various small DLLs, perhaps expecting that defenders or researchers will not observe the complete attack chain."
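The DeepCreep and FlipCreep descriptions above share one trait a defender can key on: the implant repeatedly fetches a command file from Dropbox or an FTP server, so the victim host contacts that service on a machine-like cadence. The script below is an added example written for this write-up, not ESET's code or anything from the report; it scores constructed proxy log lines for fixed-interval polling toward a watch list of file-sharing hosts and the FTP control port. The log field layout, the `WATCHED_HOSTS` list and the jitter threshold are assumptions chosen for the example.

```python
"""Flag hosts that poll a file-sharing or FTP endpoint on a fixed cadence.

Added example, not code from the original article or from ESET. The log
lines below are constructed, and the field layout (ISO timestamp, source
host, destination host, destination port) is an assumption, not a real
product format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Destinations a command-polling backdoor of the kind described might contact
# (hypothetical watch list chosen for this example).
WATCHED_HOSTS = {"content.dropboxapi.com", "api.dropboxapi.com"}
WATCHED_PORTS = {21}  # FTP control channel

# Constructed proxy/firewall log lines: "<ISO timestamp> <src> <dst> <port>"
SAMPLE_LOG = """\
2022-10-13T07:00:00 ws-17 content.dropboxapi.com 443
2022-10-13T07:00:12 ws-17 www.example.org 443
2022-10-13T07:05:01 ws-17 content.dropboxapi.com 443
2022-10-13T07:10:00 ws-17 content.dropboxapi.com 443
2022-10-13T07:15:02 ws-17 content.dropboxapi.com 443
2022-10-13T07:20:00 ws-17 content.dropboxapi.com 443
2022-10-13T07:01:30 ws-42 content.dropboxapi.com 443
2022-10-13T08:47:10 ws-42 content.dropboxapi.com 443
2022-10-13T09:02:55 ws-42 content.dropboxapi.com 443
2022-10-13T07:03:00 srv-03 203.0.113.9 21
2022-10-13T07:08:00 srv-03 203.0.113.9 21
2022-10-13T07:13:00 srv-03 203.0.113.9 21
2022-10-13T07:18:00 srv-03 203.0.113.9 21
"""


def parse_log(text):
    """Group request timestamps by (src, dst, port) for watched destinations only."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        port = int(port)
        if dst in WATCHED_HOSTS or port in WATCHED_PORTS:
            series[(src, dst, port)].append(datetime.fromisoformat(ts))
    return series


def is_beaconing(timestamps, min_hits=4, max_jitter=0.1):
    """True when at least min_hits requests arrive at near-constant intervals.

    Jitter is the coefficient of variation of the gaps between requests: a
    person using Dropbox produces irregular gaps, a polling loop does not.
    """
    if len(timestamps) < min_hits:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return False
    return pstdev(gaps) / avg <= max_jitter


def find_beacons(text):
    """Return the (src, dst, port) tuples whose traffic looks like command polling."""
    return sorted(key for key, ts in parse_log(text).items() if is_beaconing(ts))


if __name__ == "__main__":
    for src, dst, port in find_beacons(SAMPLE_LOG):
        print(f"possible command polling: {src} -> {dst}:{port}")
```

On the constructed sample, `ws-17` (five Dropbox API hits roughly 300 seconds apart) and `srv-03` (FTP every five minutes) are flagged, while `ws-42`, whose three irregular Dropbox requests look like a person working, is not. In a real deployment the threshold and minimum hit count should be tuned against baseline traffic, since legitimate sync clients also poll on a schedule; the signal is a starting point for triage, not a verdict.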


News URL

https://thehackernews.com/2022/10/researchers-uncover-custom-backdoors.html