"Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers"

A new backdoor called Danfuan has been attributed to a recently discovered hacking group known for attacking employees who deal with corporate transactions. According to researchers from Symantec, this previously undocumented malware is delivered by a dropper called Geppei. The dropper installs new backdoors and other tools through a novel method: it reads commands from what appear to be harmless Internet Information Services (IIS) logs. The cybersecurity firm has linked the toolset to UNC3524, also known as Cranefly, a suspected espionage actor that came to light in May 2022 for its emphasis on bulk email collection from targets involved in mergers, acquisitions, and other financial transactions. One of the main malware strains used by the group is called QUIETEXIT, which installs a backdoor on network appliances, such as load balancers and wireless access point controllers, that do not support antivirus or endpoint detection. This article continues to discuss the methods and tools used by Cranefly.

THN reports "Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers"
