Security Alert Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence


Level 27
Jun 14, 2011
A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily.

In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks.

But new research by FireEye's Mandiant cyber forensics arm has now revealed a previously unknown persistence mechanism that shows the adversaries made use of BITS to launch the backdoor.


Staff member
Malware Hunter
Jul 27, 2015
Is this new? BITS or other LOLBins aren't new.

Even "old" tricks work and are constantly being re-used. BITS (Background Intelligent Transfer Service) being misused/abused is something I have seen myself from time to time with samples, so no, it's by itself not anything new, but that's not solely what the main source, FireEye's report, is about.
now revealed a previously unknown persistence mechanism