Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

November 27, 2020
in Internet Privacy

A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan.

Check Point Research called out hackers affiliated with a group named Dark Caracal in a new report published yesterday for their efforts to deploy “dozens of digitally signed variants” of the Bandook Windows Trojan over the past year, thus once again “reigniting interest in this old malware family.”

The different verticals singled out by the threat actor include government, financial, energy, food industry, healthcare, education, IT, and legal institutions located in Chile, Cyprus, Germany, Indonesia, Italy, Singapore, Switzerland, Turkey, and the US.

The unusually large variety of targeted markets and locations “reinforces a previous hypothesis that the malware is not developed in-house and used by a single entity, but is part of an offensive infrastructure sold by a third party to governments and threat actors worldwide, to facilitate offensive cyber operations,” the researchers said.

Dark Caracal’s extensive use of the Bandook RAT to conduct espionage on a global scale was first documented by the Electronic Frontier Foundation (EFF) and Lookout in early 2018, when the group was linked to the theft of enterprise intellectual property and personally identifiable information from thousands of victims across more than 21 countries.

The prolific group, which has operated since at least 2012, has been linked to the Lebanese General Directorate of General Security (GDGS), making it a nation-state-level advanced persistent threat.

The concurrent use of the same malware infrastructure by different groups for seemingly unrelated campaigns led the EFF and Lookout to surmise that the APT actor “either uses or manages the infrastructure found to be hosting a number of widespread, global cyberespionage campaigns.”

Now the same group is back at it with a new strain of Bandook, with added efforts to thwart detection and analysis, per Check Point Research.

A Three-Stage Infection Chain

The infection chain is a three-stage process. It begins with a lure Microsoft Word document (e.g. “Certified documents.docx”) delivered inside a ZIP file; when the document is opened, it downloads malicious macros, which then drop and execute a second-stage PowerShell script that was stored encrypted inside the original Word document.

In the final stage, this PowerShell script downloads encoded executable parts from cloud storage services such as Dropbox or Bitbucket and assembles them into the Bandook loader, which is responsible for injecting the RAT into a new Internet Explorer process.
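A defender can turn the chain described above into a correlation rule: Office spawning PowerShell, that PowerShell process reaching a cloud-storage host, and a fresh Internet Explorer process with an unexpected parent. This is an added example, not code from the report or the article; the event records are constructed and the field names (EventID, Image, ParentImage, DestinationHostname) follow Sysmon’s ProcessCreate and NetworkConnect events.

```python
# Added example: constructed Sysmon-style records (EID 1 ProcessCreate, EID 3 NetworkConnect).
from collections import defaultdict

# Cloud-storage services the article names as download sources for the loader.
STAGING_HOSTS = ("dropbox.com", "dropboxusercontent.com", "bitbucket.org")

def _host_matches(host, suffixes):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def detect_bandook_chain(events):
    """Return (stage, host, detail) alerts. Stage 1: Office spawns PowerShell;
    stage 2: that PowerShell process reaches a staging host; stage 3: a fresh
    Internet Explorer process with an unexpected parent (the injection target)."""
    alerts = []
    ps_from_office = defaultdict(set)  # host -> PIDs of Word-spawned PowerShell
    for ev in events:
        host = ev["Computer"]
        if ev["EventID"] == 1:
            image, parent = ev["Image"].lower(), ev["ParentImage"].lower()
            if image.endswith("\\powershell.exe") and parent.endswith("\\winword.exe"):
                ps_from_office[host].add(ev["ProcessId"])
                alerts.append(("stage1_office_spawns_powershell", host, ev["CommandLine"]))
            # iexplore.exe is normally launched by the shell or by IE itself.
            if image.endswith("\\iexplore.exe") and not parent.endswith(
                    ("\\explorer.exe", "\\iexplore.exe")):
                alerts.append(("stage3_unexpected_iexplore_parent", host, ev["ParentImage"]))
        elif ev["EventID"] == 3:
            if (ev["ProcessId"] in ps_from_office[host]
                    and _host_matches(ev["DestinationHostname"], STAGING_HOSTS)):
                alerts.append(("stage2_powershell_pulls_from_cloud_storage", host,
                               ev["DestinationHostname"]))
    return alerts

# Constructed sample telemetry for one workstation; paths and PIDs are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -WindowStyle Hidden -File stage2.ps1"},
    {"EventID": 3, "Computer": "WS01", "ProcessId": 4120,
     "DestinationHostname": "dl.dropboxusercontent.com"},
    {"EventID": 3, "Computer": "WS01", "ProcessId": 900,  # unrelated browser traffic
     "DestinationHostname": "bitbucket.org"},
    {"EventID": 1, "Computer": "WS01", "ProcessId": 4388,
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Users\Public\loader.exe", "CommandLine": "iexplore.exe"},
    {"EventID": 1, "Computer": "WS01", "ProcessId": 5000,  # benign: launched by shell
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "iexplore.exe"},
]
```

Running `detect_bandook_chain(SAMPLE_EVENTS)` yields one alert per stage for WS01, while the unrelated bitbucket.org connection and the shell-launched iexplore.exe stay silent.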

The Bandook RAT — commercially available since 2007 — comes with all the capabilities typically associated with backdoors: it establishes contact with a remote command-and-control server to receive additional commands, ranging from capturing screenshots to carrying out various file-related operations.

But according to the cybersecurity firm, the new variant of Bandook is a slimmed-down version of the malware that supports only 11 commands, whereas prior versions were known to feature as many as 120, suggesting the operators want to reduce the malware’s footprint and evade detection in attacks against high-profile targets.

That’s not all. Not only were valid certificates issued by Certum used to sign this trimmed version of the malware executable, but Check Point researchers also uncovered two more samples — full-fledged digitally signed and unsigned variants — which they believe are operated and sold by a single entity.

“Although not as capable, nor as practiced in operational security like some other offensive security companies, the group behind the infrastructure in these attacks seems to improve over time, adding several layers of security, valid certificates and other techniques, to hinder detection and analysis of its operations,” the researchers concluded.


Credit: The Hacker News, by Ravie Lakshmanan

© 2019 NikolaNews.com - Global Tech Updates