Telecom firms hit with novel backdoors disguised as security software (Security News, September 2023)
Researchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East.
HTTPSnoop and PipeSnoop - as the two implants have been dubbed by Cisco Talos researchers - have been disguised as components of Palo Alto Networks' Cortex XDR solution.
"HTTPSnoop is a simple, yet effective, new backdoor that uses low-level Windows APIs to interact directly with the HTTP device on the system. It leverages this capability to bind to specific HTTP(S) URL patterns to the endpoint to listen for incoming requests," the researchers explained.
"Any incoming requests for the specified URLs are picked up by the implant, which then proceeds to decode the data accompanying the HTTP request. The decoded HTTP data is shellcode that is then executed on the infected endpoint."
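The mechanism described above has a useful side effect for defenders: a process that registers URL patterns with the kernel HTTP driver (HTTP.sys) never opens its own socket, so netstat shows only the System process (PID 4) listening on the port, but HTTP.sys itself keeps a record of which user-mode processes are attached to each request queue and which URLs they registered, and `netsh http show servicestate view=requestq` prints it. The following parser is an added example, not code from the article or from Talos: it reads that text and flags registered URLs whose owning process is not on an allowlist of known HTTP.sys consumers. The netsh output, the PIDs, the URLs, the process image names (including "xdrhelper.exe") and the allowlist are all constructed or assumed for illustration; the PID-to-image map is supplied by the caller (on a live host it would come from Get-Process or psutil).

```python
"""
Hunt for HTTP.sys URL registrations served by unexpected processes.

Added example, not the article's or Talos' code. Parses the text of
`netsh http show servicestate view=requestq` and reports (pid, image, url)
for every registered URL whose attached process is not an expected
HTTP.sys consumer.
"""
from typing import Dict, List, Tuple

# Constructed sample in the layout of `netsh http show servicestate view=requestq`.
# The PIDs, URL group IDs and the second request queue are hypothetical.
SAMPLE_NETSH = """\
Snapshot of HTTP service state (Request Queue View):
-----------------------------------------------------

Request queues:
    Request queue name: Request queue is unnamed.
        Version: 2.0
        State: Active
        Number of active processes attached: 1
        Process IDs:
            1104
        URL groups:
        URL group ID: FA00000040000001
            State: Active
            Request queue name: Request queue is unnamed.
            Properties:
                Max bandwidth: inherited
                Number of registered URLs: 1
                Registered URLs:
                    HTTP://+:5985/WSMAN/

    Request queue name: Request queue is unnamed.
        Version: 2.0
        State: Active
        Number of active processes attached: 1
        Process IDs:
            7320
        URL groups:
        URL group ID: FA00000040000002
            State: Active
            Request queue name: Request queue is unnamed.
            Properties:
                Max bandwidth: inherited
                Number of registered URLs: 1
                Registered URLs:
                    HTTP://+:80/update/
"""

# Constructed PID -> image map; "xdrhelper.exe" is a hypothetical name that
# mimics a security product, in the spirit of the masquerading described above.
SAMPLE_PID_TO_IMAGE: Dict[int, str] = {1104: "svchost.exe", 7320: "xdrhelper.exe"}

# Assumption: processes that legitimately register URLs with HTTP.sys on this
# fleet (WinRM/WSMan via svchost, IIS worker processes). Tune per environment.
KNOWN_HTTPSYS_CONSUMERS = {"svchost.exe", "w3wp.exe", "iisexpress.exe", "wmsvc.exe"}


def parse_request_queues(text: str) -> List[Tuple[List[int], List[str]]]:
    """Return one (pids, urls) pair per top-level request queue in the netsh text."""
    queues: List[Tuple[List[int], List[str]]] = []
    pids: List[int] = []
    urls: List[str] = []
    mode = None  # "pids" while reading the Process IDs list, "urls" for Registered URLs
    for raw in text.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        # A top-level "Request queue name:" (4-space indent) starts a new queue;
        # the same label also appears nested under each URL group, deeper indented.
        if line.startswith("Request queue name:") and indent == 4:
            if pids or urls:
                queues.append((pids, urls))
            pids, urls, mode = [], [], None
            continue
        if line == "Process IDs:":
            mode = "pids"
            continue
        if line == "Registered URLs:":
            mode = "urls"
            continue
        if mode == "pids":
            if line.isdigit():
                pids.append(int(line))
                continue
            mode = None  # first non-numeric line ends the PID list
        if mode == "urls":
            if line.upper().startswith("HTTP"):
                urls.append(line)
                continue
            mode = None  # first non-URL line ends the URL list
    if pids or urls:
        queues.append((pids, urls))
    return queues


def find_suspicious_urls(text: str, pid_to_image: Dict[int, str]) -> List[Tuple[int, str, str]]:
    """Flag registered URLs owned by a process outside KNOWN_HTTPSYS_CONSUMERS."""
    findings = []
    for pids, urls in parse_request_queues(text):
        for pid in pids:
            image = pid_to_image.get(pid, "<unknown>").lower()
            if image not in KNOWN_HTTPSYS_CONSUMERS:
                findings.extend((pid, image, url) for url in urls)
    return findings


if __name__ == "__main__":
    for pid, image, url in find_suspicious_urls(SAMPLE_NETSH, SAMPLE_PID_TO_IMAGE):
        print(f"PID {pid} ({image}) registered {url} with HTTP.sys")
```

An image-name allowlist is only a first pass: an implant can inject into an allowlisted process or simply name itself after one, so on a real hunt pair this with the image path and Authenticode signer of each attached PID, and with a per-host allowlist of expected URL prefixes (WSMan, IIS sites, and so on) rather than of processes alone. `netsh http show urlacl` is not a substitute, since it lists namespace reservations, not the URLs currently registered by running processes.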
Telecommunication firms are frequently under attack by a variety of threat actors, as they can serve as a conduit for attacks on individuals, businesses and governments.
Cisco Talos researchers have not been able to connect these latest attacks with a known threat actor.