'ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks
Two Middle Eastern telecommunications organizations were recently compromised by a potentially novel threat actor using two backdoors with new methods for covertly loading malicious shellcode onto a target system. Cisco Talos dubbed the intrusion set "ShroudedSnooper" because it could not link the activity to previously identified groups. ShroudedSnooper uses two backdoors, "HTTPSnoop" and "PipeSnoop," with advanced anti-detection mechanisms, such as masquerading as popular software products and infecting low-level Windows server components.