Security News > 2023 > August > Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

"The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems," Kaspersky said in an analysis spotlighting APT31's previously undocumented tradecraft.

Some variants of the second-stage backdoors also come with features designed to look up file names in the Microsoft Outlook folder, execute remote commands, and employ the third-step component to complete the data exfiltration step in the form of RAR archive files.

In what's a novel twist, APT31 is said to have used a command-and-control inside the corporate perimeter and leveraged it as a proxy to siphon data from systems that lacked direct access to the internet, indicating clear attempts to single out air-gapped hosts.

A third similar implant is configured to send the data via the Yandex email service.

"Abusing popular cloud-based data storages may allow the threat actor(s) to evade security measures," the company said.

"At the same time, it opens up the possibility for stolen data to be leaked a second time in the event that a third party gets access to a storage used by the threat actor(s)."

News URL

https://thehackernews.com/2023/08/researchers-shed-light-on-apt31s.html