"'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks"
Two Middle Eastern telecommunications organizations were recently compromised by a potentially novel threat actor using two backdoors with new methods for covertly loading malicious shellcode onto a target system. Cisco Talos dubbed the intrusion set "ShroudedSnooper" because it could not link the activity to previously identified groups. ShroudedSnooper uses two backdoors, "HTTPSnoop" and "PipeSnoop," with advanced anti-detection mechanisms, such as masquerading as popular software products and infecting low-level Windows server components. Once implanted, they execute shellcode to give cyberattackers a persistent foothold in victims' networks, allowing them to move laterally, exfiltrate data, or release additional malware. This article continues to discuss findings regarding the ShroudedSnooper set of backdoors.
Dark Reading reports "'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks"