Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,991
125,129
8,399
Content source
https://thehackernews.com/2023/05/researchers-uncover-powerful-backdoor.html
Government, aviation, education, and telecom sectors located in South and Southeast Asia have come under the radar of a new hacking group as part of a highly-targeted campaign that commenced in mid-2022 and continued into the first quarter of 2023.

Symantec, by Broadcom Software, is tracking the activity under its insect-themed moniker Lancefly, with the attacks making use of a "powerful" backdoor called Merdoor.

Evidence gathered so far points to the custom implant being utilized as far back as 2018. The ultimate goal of the campaign, based on the tools and the victimology pattern, is assessed to be intelligence gathering.

"The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted," Symantec said in an analysis shared with The Hacker News.
Click to expand...


symantec-enterprise-blogs.security.com

Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors

Merdoor backdoor is low prevalence and used in highly targeted attacks.
symantec-enterprise-blogs.security.com symantec-enterprise-blogs.security.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Andy Ful, simmerskool, SUNILKUMAR and 5 others
A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.

The Symantec Threat Labs revealed today that Lancefly has been deploying the stealthy Merdoor backdoor in highly targeted attacks since 2018 to establish persistence, execute commands, and perform keylogging on corporate networks.

"Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018," reveals the new Symantec report.

"Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The motivation behind both these campaigns is believed to be intelligence gathering."

Lancefly is believed to focus on cyber-espionage, aiming to collect intelligence from its victims' networks over extensive periods.

Symantec hasn't discovered the initial infection vector used by Lancefly. However, it has found evidence that the threat group uses phishing emails, SSH credentials brute forcing, and public-facing server vulnerabilities exploitation for unauthorized access over the years.
Click to expand...
www.bleepingcomputer.com

Stealthy MerDoor malware uncovered after five years of attacks

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
Reactions: silversurfer, simmerskool, SeriousHoax and 4 others
You must log in or register to reply here.

You may also like...