Chinese espionage deploys new rootkit with

12/12/2023

Kaspersky researchers have uncovered TunnelSnake, an ongoing advanced persistent threat (APT) campaign, active since 2019, which has targeted regional diplomatic entities in Asia and Africa. The attackers deployed a previously unknown rootkit dubbed Moriya. This piece of malware, with nearly absolute power over the operating system, enabled threat actors to intercept network traffic and conceal malicious commands issued to the infected hosts. This led to the attackers secretly controlling the networks of the targeted organizations for several months.

Rootkits are malicious programs or collections of software tools that give attackers practically unlimited and covert access to an infected computer. Rootkits are notorious for stealth and evasion due to their ability to blend into the fabric of the operating system. Thanks to measures taken by Microsoft over the years to protect systems, successful deployment and execution of a rootkit component has become a difficult task, especially in the kernel space, with most Windows rootkits now being leveraged in high-profile APT attacks, such as TunnelSnake.

The investigation into the campaign started when Kaspersky received a set of alerts from its product upon detection of a unique rootkit within the targeted networks. This rootkit, which was dubbed Moriya, was particularly evasive thanks to two traits. It intercepts and inspects network packets in transit from the Windows kernel’s address space, a memory region where the operating system’s kernel resides and where typically only privileged and trusted code runs. This allowed the malware to drop the unique malicious packets delivered to it before they are processed by the operating system’s network stack. This enabled the attackers to avoid detection by security solutions.