llkaposts.blogg.se

Q dir










A new malware campaign targeting an East Asian company that develops data-loss prevention (DLP) software for government and military entities has been attributed to the advanced persistent threat (APT) group known as Tick.

According to an advisory published by ESET on Tuesday, the threat actor breached the DLP company’s internal update servers to deliver malware within its network. It then trojanized legitimate tool installers used by the firm, leading to malware being executed on two of its customers’ computers.

“During the intrusion, the attackers deployed a previously undocumented downloader named ShadowPy, and they also deployed the Netboy backdoor (aka Invader) and Ghostdown downloader,” wrote ESET malware researcher Facundo Muñoz.

The security expert added that Tick has reportedly been active since at least 2006, employing a unique custom malware toolset created for persistent access in compromised machines, as well as reconnaissance, data exfiltration and additional tool download.

“Our latest report into Tick’s activity found it exploiting the ProxyLogon vulnerability to compromise a South Korean IT company, as one of the groups with access to that remote code execution exploit before the vulnerability was publicly disclosed,” Muñoz explained.











