A hacktivist gang that has previously attacked an African country’s stock exchange with malware and seized vast amounts of data is now focusing on the governments of several Middle Eastern countries.
ESET, a cybersecurity company, discovered Witchetty also known as LookingFrog for the first time in April 2022. It is thought to be closely associated with the state-sponsored Chinese threat actor APT10 formerly known as Cicada. The gang is also regarded as TA410 personnel, who have previously been connected to strikes against American energy suppliers.
A threat actor identified as Witchetty was seen by Broadcom’s Symantec Threat Hunter Team utilizing steganography to conceal an unknown backdoor in a Windows logo.
The new malware uses steganography, a method for hiding a message in an openly available document, to extract dangerous code from a bitmap image of a previous version of the Microsoft Windows logo.
In the campaign that Symantec found, Witchetty is utilizing steganography to conceal backdoor software that is XOR-encrypted in an outdated Windows logo bitmap picture.
“By disguising the payload in this way, the attackers were able to host it on a reliable, cost-free service. Downloads from reputable servers like GitHub are much less likely to cause concern than downloads from a command-and-control (C&C) server that is under the control of an attacker” the researchers stated.
Backdoor em
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: