Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

silversurfer

Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.

Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a "powerful" backdoor called Merdoor.

Evidence gathered so far points to the custom implant being utilized as far back as 2018. The ultimate goal of the campaign, based on the tools and the victimology pattern, is assessed to be intelligence gathering.

"The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted," Symantec said in an analysis shared with The Hacker News.


Gandalf_The_Grey

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.

The Symantec Threat Labs revealed today that Lancefly has been deploying the stealthy Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on corporate networks.

"Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018," reveals the new Symantec report.

"Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The motivation behind both these campaigns is believed to be intelligence gathering."

Lancefly is believed to focus on cyber-espionage, aiming to collect intelligence from its victims' networks over extensive periods.

Symantec hasn't discovered the initial infection vector used by Lancefly. However, it has found evidence that the threat group has, over the years, used phishing emails, SSH credential brute-forcing, and exploitation of public-facing server vulnerabilities to gain unauthorized access.
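Of the three access vectors named above, SSH credential brute-forcing is the one that leaves the clearest trace in ordinary host logs. The script below is an added example (it is not from the Symantec report or from either article quoted in this thread) showing how a defender can pick that pattern out of sshd auth-log lines: it flags a source address that accumulates a threshold of failed password logins inside a sliding window, and separately flags a successful login from an address that was already flagged, which is the signature a credential-guessing intrusion leaves behind. The log lines, hostnames, addresses and the threshold and window values are constructed for the example.

```python
"""Detect SSH password brute-forcing in sshd auth logs.

Added example, not code from the Symantec report or the quoted articles.
Flags source IPs that exceed a threshold of failed logins inside a sliding
window, then flags any successful login from a flagged IP.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Stock OpenSSH auth.log wording in syslog format (month/day/time, no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2023):
    """Return (timestamp, result, user, ip) or None for lines we do not care about.

    Syslog lines carry no year, so the caller supplies one (assumption: 2023).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return a list of (ip, kind, timestamp, detail) alerts.

    kind is "bruteforce" when an IP reaches `threshold` failures within
    `window_seconds`, or "success_after_bruteforce" when a flagged IP later
    logs in successfully. Threshold and window are constructed defaults.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # ips already reported as brute forcing
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        q = failures[ip]
        # Drop failures that have fallen out of the sliding window.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bruteforce", ts,
                               f"{len(q)} failures in {window_seconds}s"))
        elif ip in flagged:
            # A password accepted after a guessing burst is the real alarm.
            alerts.append((ip, "success_after_bruteforce", ts, f"user {user}"))
    return alerts


# Constructed sample log (not a real capture): one guessing burst from
# 198.51.100.7 that ends in a successful login, plus benign noise from 10.0.0.5.
SAMPLE_LOG = [
    "May 15 09:00:01 bastion sshd[1011]: Accepted password for ops from 10.0.0.5 port 51000 ssh2",
    "May 15 09:01:10 bastion sshd[1020]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2",
    "May 15 09:01:12 bastion sshd[1021]: Failed password for invalid user test from 198.51.100.7 port 40002 ssh2",
    "May 15 09:01:15 bastion sshd[1022]: Failed password for root from 198.51.100.7 port 40003 ssh2",
    "May 15 09:01:19 bastion sshd[1023]: Failed password for root from 198.51.100.7 port 40004 ssh2",
    "May 15 09:01:25 bastion sshd[1024]: Failed password for root from 198.51.100.7 port 40005 ssh2",
    "May 15 09:01:31 bastion sshd[1025]: Failed password for ops from 198.51.100.7 port 40006 ssh2",
    "May 15 09:01:40 bastion sshd[1026]: Accepted password for ops from 198.51.100.7 port 40007 ssh2",
    "May 15 09:05:00 bastion sshd[1030]: Failed password for ops from 10.0.0.5 port 51001 ssh2",
    "May 15 09:30:00 bastion sshd[1031]: Failed password for ops from 10.0.0.5 port 51002 ssh2",
]

if __name__ == "__main__":
    for ip, kind, ts, detail in detect_bruteforce(SAMPLE_LOG):
        print(f"{ts:%b %d %H:%M:%S} {ip} {kind}: {detail}")
```

On the sample log the script raises two alerts for 198.51.100.7 (the burst at 09:01:25, then the accepted login at 09:01:40) and nothing for 10.0.0.5, whose two failures are half an hour apart and fall outside the window. Treating "Accepted" after a burst as its own higher-severity event matters because a plain failure count tells an analyst only that someone is knocking; the success is what turns the noise into an incident.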