Security News > 2023 > September > Iranian hackers backdoor 34 orgs with new Sponsor malware
A nation-state threat actor known as 'Charming Kitten' has been observed deploying a previously unknown backdoor malware named 'Sponsor' against 34 companies around the globe.
One of the notable features of the Sponsor backdoor is that it hides its otherwise innocuous configuration files on the victim's disk so they can be discreetly deployed by malicious batch scripts, successfully evading detection.
Before deploying the Sponsor backdoor, the final payload seen in these attacks, the hackers drop batch files on specific file paths on the host machine, which writes the required configuration files.
Sponsor is a C++ backdoor that creates a service upon launch as instructed by the configuration file, which also contains encrypted command and control server addresses, C2 contacting intervals, and the RC4 decryption key.
CISA: New Whirlpool backdoor used in Barracuda ESG hacks.
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)