"TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks"
TeslaGun is a newly discovered cyberattack panel used by Evil Corp to run ServHelper backdoor campaigns. According to data gathered in an analysis conducted by the Prodraft Threat Intelligence (PTI) team, the Evil Corp ransomware gang, also known as TA505 or UNC2165, has used TeslaGun to launch mass phishing campaigns and targeted campaigns against over 8,000 different organizations and individuals. Most targets were in the US, which accounted for over 3,600 of the victims, with a dispersed international distribution outside of that. The ServHelper backdoor malware, a long-running and constantly updated package that has been around since at least 2019, has continued to spread. According to a Cisco Talos report, it began to pick up steam again in the second half of 2021, driven by mechanisms such as fake installers and associated installer malware like Raccoon and Amadey. In August, Trellix threat intelligence reported that the ServHelper backdoor had been discovered dropping hidden cryptocurrency miners on systems. The PTI report delves into the technical details of TeslaGun and provides some details and tips that can help companies move forward with necessary countermeasures to some of today's prevalent backdoor cyberattack trends. Backdoor attacks that bypass authentication mechanisms and quietly establish persistence on enterprise systems are among the most troubling for cybersecurity defenders. This article continues to discuss Evil Corp's use of TeslaGun to run ServHelper backdoor campaigns.
Dark Reading reports "TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks"