• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware

You are here: Home / General Cyber Security News / Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware
October 28, 2022

A previously undocumented dropper has been spotted putting in backdoors and other instruments utilizing the new procedure of looking at instructions from apparently innocuous Internet Info Expert services (IIS) logs.

The dropper has been discovered by cybersecurity scientists at Symantec, who mentioned an actor is making use of the piece of malware dubbed Cranefly (aka UNC3524) to set up one more piece of undocumented malware (Trojan.Danfuan) and other instruments.

Cranefly was initially found out by Mandiant in May well, with the security company saying the team seriously focused e-mails of personnel that labored in corporate enhancement, mergers and acquisitions and substantial company transactions.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


In accordance to Mandiant, these attackers used at least 18 months on victim networks and used backdoors on appliances that did not assistance security applications to keep on being undetected.

The new Symantec advisory is now expressing that some of the backdoors utilised by UNC3524 relied on Hacktool.Regeorg, an open-source tool applied by various advanced persistent danger (APT) clusters.

“Symantec was unable to url this exercise to any recognized groups other than the UNC3524 team documented by Mandiant, which we monitor as Cranefly,” the business wrote.

Further, Symantec has warned that the use of a novel method together with the customized applications and the techniques taken to hide their action suggest that Cranefly is a “rather qualified” hacking group.

“While we do not see knowledge currently being exfiltrated from victim machines, the equipment deployed and efforts taken to conceal this exercise, coupled with the exercise previously documented by Mandiant, indicate that the most possible inspiration for this group is intelligence accumulating.”

Symantec has presented a checklist of indicators of compromise (IoC) about this danger in its advisory, as properly as on its Protection Bulletins site.

An additional threat actor typically focusing on intelligence gathering is Polonium, which was lately found by ESET working with 7 various backdoor variants to spy on Israeli companies.


Some pieces of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Raspberry Robin Worm Actors Linked to Clop, LockBit Ransomware Groups
Next Post: CISA Unveils Cybersecurity Goals For Critical Infrastructure Sectors Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.