CySecurity News – Latest Information Security and Hacking Incidents
Even after the TrickBot infrastructure was shut down, the malware’s operators continued to improve and retool its arsenal in preparation for attacks which ended in the distribution of the Conti ransomware. The new, improved edition of the criminal gang’s AnchorDNS backdoor was called AnchorMail by IBM Security X-Force, which discovered it.
According to IBM’s malware reverse researcher Charlotte Hammond, AnchorMail “uses an email-based [command-and-control] server with which it connects using SMTP and IMAP protocols over TLS.” “AnchorMail’s behavior is essentially similar to vs its AnchorDNS predecessor, excluding the redesigned C2 communication method.”
The Trickbot Group, also known as ITG23 on X-Force, is a cybercriminal group best known for creating the Trickbot financial Trojan. Originally discovered in 2016, it was used to aid online banking fraud, initially. The gang adapted to the ransomware economy by gaining a footing for ransomware assaults utilizing its Trickbot and Bazarloader payloads, a tight partnership with both the Conti ransomware-as-a-service provider (RaaS).
ITG23 is also known for creating the Anchor malware framework, which includes the AnchorDNS variant. In 2018 various high-profile targets were being infected with Trickbot or Bazarbackdoor, another ITG23 backdoor. AnchorDNS is known for using the DNS protocol to communicate with its Command and Control (C2) server. The improved backdoor, dubbed AnchorMail or Delegatz by IBM Security X-Force researchers, now communicates
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: