ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies

2023-09-19 12:35

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop.

"HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the infected endpoint," Cisco Talos said in a report shared with The Hacker News.

It's suspected that ShroudedSnooper exploits internet-facing servers and deploys HTTPSnoop to gain initial access to target environments, with both the malware strains impersonating components of Palo Alto Networks' Cortex XDR application to fly under the radar.

Three different HTTPSnoop samples have been detected to date.

"The HTTP URLs used by HTTPSnoop along with the binding to the built-in Windows web server indicate that it was likely designed to work on internet-exposed web and EWS servers," Talos researchers said.

Later that December, Broadcom-owned Symantec shed light on an espionage campaign targeting telecom operators in the Middle East and Asia by a likely Iranian threat actor known as MuddyWater.

News URL

https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html

#backdoor #telecom