Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E.
2023-09-11 13:24

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor.

"The Sponsor backdoor uses configuration files stored on disk," ESET researcher Adam Burgher said in a new report published today.

"The Merlin agent executed a Meterpreter reverse shell that called back to a new server," Burgher said.

Written in C++, Sponsor is designed to gather host information and process instructions received from a remote server, the results of which are sent back to the server.

"Ballistic Bobcat continues to operate on a scan-and-exploit model, looking for targets of opportunity with unpatched vulnerabilities in internet-exposed Microsoft Exchange servers," Burgher said.

"The group continues to use a diverse open-source toolset supplemented with several custom applications, including its Sponsor backdoor."


News URL

https://thehackernews.com/2023/09/charming-kitens-new-backdoor-sponsor.html