
Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers
2022-10-28 11:01

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan.

This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a report shared with The Hacker News.

The dropper "is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services logs," the researchers said.

"The commands read by Geppei contain malicious encoded .ashx files," the researchers noted.

"These files are saved to an arbitrary folder determined by the command parameter and they run as backdoors."

"The use of a novel technique and custom tools, as well as the steps taken to hide traces of this activity on victim machines, indicate that Cranefly is a fairly skilled threat actor," the researchers concluded.
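
A defender-side check for the log-borne command technique described above, added here as an example and not taken from the Symantec report or The Hacker News: it scans an IIS W3C log for long encoded strings in request fields. The base64 encoding, the 64-character threshold, the printable-text test and the sample log are assumptions constructed for illustration.

```python
import base64
import binascii
import re

MIN_LEN = 64  # assumed threshold; tune against your own traffic baseline
WATCHED = ("cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs(Referer)")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_LEN)

def decodes_to_text(token):
    """True if token is valid base64 whose decoded bytes are mostly printable."""
    token = token.rstrip("=")
    token += "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return printable >= 0.9 * len(raw)

def scan_iis_log(text):
    """Return (line_no, field, client_ip) for each field holding an encoded blob."""
    fields, hits = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        for name in WATCHED:
            value = row.get(name, "")
            if any(decodes_to_text(m.group()) for m in B64_RUN.finditer(value)):
                hits.append((line_no, name, row.get("c-ip", "-")))
    return hits

# Constructed sample log (W3C extended format); not real traffic.
_BLOB = base64.b64encode(b"constructed test payload, not malware. " * 3).decode()
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 10.0",
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2022-10-01 10:00:01 GET /index.html - 198.51.100.7 200",
    "2022-10-01 10:00:05 GET /search q=quarterly+report 198.51.100.7 200",
    "2022-10-01 10:00:09 GET /missing.aspx d=" + _BLOB + " 203.0.113.9 404",
])

if __name__ == "__main__":
    print(scan_iis_log(SAMPLE_LOG))
```

A hit is a lead for review, not a verdict: pair it with a check for .ashx files recently written outside the directories your applications normally deploy to.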


News URL

https://thehackernews.com/2022/10/researchers-uncover-stealthy-techniques.html