New Moriya rootkit backdoors targets Windows systems
An unknown threat actor has used a new stealthy rootkit to backdoor targeted Windows systems in what looks like an ongoing espionage campaign, dubbed TunnelSnake, going back to at least 2018. Kaspersky researchers found that an advanced persistent threat (APT) group, of unknown origin but suspected of being Chinese-speaking, has used the rootkit to quietly take control of networks belonging to targeted organizations.
Rootkits are packages of tools designed to stay under the radar by hiding themselves deep in system code. They range from malware that attacks the kernel to implants residing in firmware or memory, and they often operate with high levels of privilege.
According to Kaspersky, the newly discovered rootkit, named Moriya, is used to deploy passive backdoors on public-facing servers. The backdoors are then used to establish a connection -- quietly -- with a command-and-control (C2) server controlled by the threat actors for malicious purposes.
Moriya allowed TunnelSnake operators to capture and analyze incoming network traffic "from the Windows kernel's address space, a memory region where the operating system's kernel resides and where typically only privileged and trusted code runs."
The way the backdoor received commands, in the form of custom-crafted packets hidden within the victims' network traffic, without needing to reach out to a command-and-control server, further added to the operation's stealth and showed the threat actor's focus on evading detection.
"We see more and more covert campaigns such as TunnelSnake, where actors take additional steps to remain under the radar for as long as possible, and invest in their toolsets, making them more tailored, complex and harder to detect," Mark Lechtik, a senior security researcher at Kaspersky's Global Research and Analysis Team, said.