Hackers Using a Windows OS Feature to Evade Firewall and Gain Persistence

enaph

Thread author
A novel technique adopted by attackers finds ways to use Microsoft's Background Intelligent Transfer Service (BITS) so as to deploy malicious payloads on Windows machines stealthily.

In 2020, hospitals, retirement communities, and medical centers bore the brunt of an ever-shifting phishing campaign that distributed custom backdoors such as KEGTAP, which ultimately paved the way for RYUK ransomware attacks.

But new research by FireEye's Mandiant cyber forensics arm has now revealed a previously unknown persistence mechanism that shows the adversaries made use of BITS to launch the backdoor.
 

upnorth

Is this new? BITS or other LOLBins aren't new.

Even "old" tricks work and are constantly being re-used. BITS (Background Intelligent Transfer Service) being misused/abused is something I have seen myself from time to time with samples, so no, it's not by itself anything new, but that's not solely what the main source, FireEye's report, is about.
now revealed a previously unknown persistence mechanism
 
