Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

2023-05-15 10:17

Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a "Powerful" backdoor called Merdoor.

"The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted," Symantec said in an analysis shared with The Hacker News.

"The attackers in this campaign also have access to an updated version of the ZXShell rootkit."

ZXShell, first documented by Cisco in October 2014, is a rootkit that comes with various features to harvest sensitive data from infected hosts.

"The new version of the rootkit used by Lancefly appears to be smaller in size, while it also has additional functions and targets additional antivirus software to disable."

"While the Merdoor backdoor appears to have been in existence for several years, it appears to only have been used in a small number of attacks in that time period," Symantec noted.

News URL

https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html

#backdoor #researcher